A critical vulnerability, CVE-2023-47823, has been identified in the popular FormCraft plugin by nCrafts, affecting installations up to version 1.2.7. FormCraft does not correctly handle user permissions and implements improper access controls. Malicious actors may exploit this weakness to gain unauthorized access to sensitive data and perform privileged actions. This article provides an analysis of the vulnerability, including a code snippet that illustrates the issue, the original references, and exploit details.

A sample demonstration of the vulnerable code in FormCraft is presented below:

// (In file formcraft.php)
function formcraft_edit_form() {
    global $wpdb;
    if (!current_user_can('edit_posts')) {
        // User is not authorized
        return;
    }

    $id = $_GET['id'];
    $form_id = intval($id);

    // Vulnerable code section
    load_form($form_id);
}

In the PHP snippet above, the only gate is the generic current_user_can('edit_posts') check. After it passes, the form is loaded for whatever id arrives in the GET request, and nothing verifies that the caller is entitled to that particular form. By simply altering the id parameter, an attacker can therefore get around the intent of the check and gain access to sensitive information without a proper privilege check.

The following references provide further information about CVE-2023-47823:

- Original Advisory by Vulnerability Lab
- FormCraft Plugin Homepage
- CVE Record on National Vulnerability Database (NVD)

Exploit Details

Upon leveraging this vulnerability, a malicious user can potentially perform two common types of attacks:

1. Privilege escalation: An attacker can gain access to higher-level privileges by bypassing the 'edit_posts' permission check, allowing them to escalate their access.

2. Information disclosure: By exploiting the vulnerability, an unauthorized user could potentially access and disclose sensitive information, such as user data and private form submissions.

Mitigation

Users of the FormCraft plugin are advised to follow the recommendations provided by nCrafts to mitigate this vulnerability:

1. Upgrade to FormCraft version 1.2.8 or later: nCrafts have released a patched version of the FormCraft plugin that addresses the authorization vulnerability. It is highly recommended that you update your plugin to the latest version to ensure the security of your website.

2. Implement proper access control: To reduce the risk of unauthorized access to sensitive data and resources, website administrators need to ensure that access controls are correctly configured, restricting access to only authorized users.
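One way to apply the access-control recommendation to the formcraft_edit_form() handler shown earlier, as an added example that is not nCrafts' patch or code from the plugin: it keeps the role check, validates the id, and adds a per-form authorization check before load_form(). The helper formcraft_user_can_access_form(), the formcraft_forms table and its owner_id column are hypothetical.

```php
<?php
// Added example, not the FormCraft 1.2.8 patch. Hypothetical names:
// formcraft_user_can_access_form(), the `formcraft_forms` table and its
// `owner_id` column. load_form() is the function from the snippet above.

function formcraft_user_can_access_form( $form_id, $user_id ) {
    global $wpdb;

    // Administrators may manage every form.
    if ( user_can( $user_id, 'manage_options' ) ) {
        return true;
    }

    // Everyone else must own the form (assumed schema).
    $owner_id = $wpdb->get_var(
        $wpdb->prepare(
            "SELECT owner_id FROM {$wpdb->prefix}formcraft_forms WHERE id = %d",
            $form_id
        )
    );

    // get_var() returns null when no row matches; treat that as a denial.
    return null !== $owner_id && (int) $owner_id === (int) $user_id;
}

function formcraft_edit_form() {
    // 1. Role-level check, failing closed with a 403 instead of a silent return.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'You are not allowed to edit forms.', '', array( 'response' => 403 ) );
    }

    // 2. Validate the identifier; absint() yields 0 for non-numeric input.
    $form_id = isset( $_GET['id'] ) ? absint( wp_unslash( $_GET['id'] ) ) : 0;
    if ( 0 === $form_id ) {
        wp_die( 'Invalid form ID.', '', array( 'response' => 400 ) );
    }

    // 3. Object-level check: may *this* user open *this* form?
    if ( ! formcraft_user_can_access_form( $form_id, get_current_user_id() ) ) {
        wp_die( 'You are not allowed to access this form.', '', array( 'response' => 403 ) );
    }

    load_form( $form_id );
}
```

The role check alone answers "may this user edit forms at all"; the per-form check answers "may this user touch this form", which is the question the original handler never asks.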

Conclusion

The CVE-2023-47823 vulnerability presents a serious security risk for websites running the FormCraft plugin by nCrafts, with the potential for unauthorized access and the compromising of sensitive data. By understanding the issue and taking appropriate steps to mitigate the risk, website administrators can ensure that their websites remain secure.

Timeline

Published on: 12/09/2024 13:15:31 UTC