CVE-2023-5414 - Icegram Express WordPress Plugin: Directory Traversal Vulnerability in Versions <= 5.6.23

A critical security vulnerability has been discovered in the Icegram Express plugin for WordPress, affecting versions up to and including 5.6.23. The vulnerability, defined as a Directory Traversal attack, allows administrator-level attackers to read the contents of arbitrary files on the server. The exploit, designated as CVE-2023-5414, can expose sensitive information, including data belonging to other websites, especially in shared hosting environments.

Description

The issue arises from the show_es_logs function of the plugin, which allows for reading log files within the plugin directory. However, by manipulating the file path provided to the function, attackers can access files outside of the intended directory. Consequently, the exploit enables unauthorized access to potentially sensitive information, including configuration files, user data, and server logs.

Below is a code snippet from the vulnerable function, show_es_logs

function show_es_logs() {
    $log_file = isset($_GET['file']) ? $_GET['file'] : '';
    if ( ! empty( $log_file ) ) {
        $log_file_path = plugin_dir_path( __FILE__ ) . 'logs/' . $log_file;
        if ( file_exists( $log_file_path ) ) {
            $content = file_get_contents( $log_file_path );
            echo '<pre>' . $content . '</pre>';
        }
    }
}

The $_GET parameter ('file') can be manipulated to provide a relative file path to a target file, leading to directory traversal. An attacker could use a crafted HTTP request like this:

https://target-site.com/wp-admin/admin-ajax.php?action=show_es_logs&file=../../../../../../../../etc/passwd

The attacker would receive the contents of '/etc/passwd,' giving them access to sensitive user information.

Mitigation

To protect your WordPress installation from this vulnerability, we recommend updating the Icegram Express plugin to the most recent version. Plugin authors have acknowledged the issue and released a patch in version 5.6.24. If you are unable to update the plugin promptly, disabling it until you can apply the update can provide temporary protection. Additionally, enabling security monitoring tools such as intrusion detection systems and firewalls can help detect and block attempts to exploit the vulnerability.

For more information on CVE-2023-5414, please refer to these sources

- CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5414
- National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2023-5414
- Icegram Express - Official Plugin Repository: https://wordpress.org/plugins/icegram-raincheque/includes/es-helper.php

Conclusion

The Directory Traversal vulnerability discovered in the Icegram Express plugin for WordPress (CVE-2023-5414) creates a significant risk for users of the plugin, particularly in shared hosting environments. The plugin author has addressed this issue by releasing an updated version that includes a security patch. It is crucial to update the Icegram Express plugin to the latest version and maintain a security-conscious approach across your WordPress environment to protect against potential data breaches and unauthorized access.

Timeline

Published on: 10/20/2023 07:15:17 UTC
Last modified on: 11/07/2023 04:23:58 UTC