A security misconfiguration can lead to information disclosure due to a failure in the crontab manager to catch PHP errors when the system() function is disabled.
Install or activate Buoy if it is not already installed or activated.
Log in with any user to access the WordPress Dashboard.
Expected Results
Buoy gracefully recovers from running in an environment where system() is not permitted.
Actual Results
Users receive a visual warning:
Warning: system() has been disabled for security reasons in /home/[REDACTED]/public_html/wp-content/plugins/buoy/includes/crontab-manager.php on line 70
Warning: system() has been disabled for security reasons in /home/[REDACTED]/public_html/wp-content/plugins/buoy/includes/crontab-manager.php on line 140
Workarounds
None.
Other Information
This has a moderate security impact: if step 2 in the reproduction procedure is enabled on a production deployment, it is considered a security misconfiguration vulnerability leading to an information disclosure exploit.
To mitigate this risk, web server operators are reminded to set the display_errors PHP configuration setting to 0 (meaning "off").
A security misconfiguration can lead to information disclosure due to a failure in the crontab manager to catch PHP errors when the
system()
function is disabled.Steps to Produce/Reproduce
system()
function (such as by enabling PHP's safe mode or by listing it in thedisable_functions
PHP configuration setting)display_errors
configuration setting.Expected Results
Buoy gracefully recovers from running in an environment where
system()
is not permitted.Actual Results
Users receive a visual warning:
Workarounds
None.
Other Information
This has a moderate security impact: if step 2 in the reproduction procedure is enabled on a production deployment, it is considered a security misconfiguration vulnerability leading to an information disclosure exploit.
To mitigate this risk, web server operators are reminded to set the
display_errors
PHP configuration setting to0
(meaning "off").