Closed Utsav-Ladani closed 8 months ago
Admin can place and execute any file via the Import Settings option
Verified the fix and it is working fine. The commands are not executing now.
Any user can upload any file and place it anywhere
Verified the fix and it is working fine. The API is showing the permission denied message now.
Fix multiple security issues
Admin can place and execute any file via the `Import Settings` option 🟧

Description

Admin can send any file to the server anywhere. Admin can change the codebase by sending a few requests.

Steps to reproduce

- Admin ... `.json` ...
- `Import Settings` from the `rtMedia > Settings > Import/Export` section.
- `https://whatever.your.url/wp-content/shell.php?cmd=ls`
- ... `cmd` param.

Fixes

- `ob_start()` function, which executes the content in the file no matter the extension.
- `json_decode` and `file_get_contents` functions, to load the JSON data securely.

Anyone can upload a file, even a `subscriber` 🟧

Description

... `rtmedia_api`.

Steps to reproduce

- ... `sub` and password `sub`.
- Use the below code in your browser's console.

Any user can upload any file and place it anywhere 🟥

Steps to reproduce

- Execute the below code in the browser's console.

Fixes

- `getimagesizefromstring`.
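The two fixes named in the PR description (loading the imported settings file as JSON data instead of executing it, and checking uploaded bytes with `getimagesizefromstring`) are illustrated below as an added example. This is not rtMedia's code and not the PR's diff; the function names, the extension allow-list and the sample files are hypothetical and constructed for the demonstration.

```php
<?php
// Added example (not rtMedia's code): the two hardening patterns named in the
// PR description. Function names, the allow-list and sample inputs are
// hypothetical and constructed for this demonstration.
declare(strict_types=1);

/**
 * Vulnerable pattern, kept only for contrast. Buffering an include() still
 * executes any <?php ... ?> block in the file, whatever its extension, so a
 * "settings.json" that carries PHP runs on the server.
 */
function insecure_read_settings(string $path): string
{
    ob_start();
    include $path;                 // PHP tags inside the file are executed here
    return (string) ob_get_clean();
}

/**
 * Hardened pattern: read the file as bytes and parse it as JSON. PHP tags are
 * never interpreted, and anything that is not valid JSON is rejected.
 */
function secure_read_settings(string $path): array
{
    if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'json') {
        throw new InvalidArgumentException('settings import must be a .json file');
    }
    $raw = file_get_contents($path);
    if ($raw === false) {
        throw new RuntimeException('could not read settings file');
    }
    // Depth limit plus JSON_THROW_ON_ERROR: malformed input raises JsonException.
    $data = json_decode($raw, true, 32, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new UnexpectedValueException('settings JSON must be an object');
    }
    return $data;
}

/**
 * Upload validation: the extension must be on an allow-list AND the bytes must
 * parse as an image whose sniffed MIME type matches that extension. A PHP file
 * renamed to .gif passes the first check and fails the second.
 */
function validate_image_upload(string $filename, string $bytes): bool
{
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                'png' => 'image/png', 'gif' => 'image/gif'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return false;
    }
    // Returns false for data that is not a recognised image; the @ silences the
    // notice PHP emits for garbage input.
    $info = @getimagesizefromstring($bytes);
    if ($info === false) {
        return false;
    }
    return ($info['mime'] ?? '') === $allowed[$ext];
}

// Constructed inputs: one clean settings file, one that smuggles PHP.
$dir  = sys_get_temp_dir();
$good = $dir . '/rt-settings.json';
$bad  = $dir . '/rt-settings-with-php.json';
file_put_contents($good, '{"rtmedia_allowed_types": ["jpg", "png"]}');
file_put_contents($bad, "<?php echo 'executed'; ?>\n{\"rtmedia_allowed_types\": []}");

print_r(secure_read_settings($good));            // parsed settings array
try {
    secure_read_settings($bad);
} catch (JsonException $e) {
    echo "rejected: {$e->getMessage()}\n";       // the PHP tag is just invalid JSON here
}
// insecure_read_settings($bad) would run the embedded code and print "executed".

// Constructed inputs: a real 1x1 GIF and a text payload with an image extension.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
var_dump(validate_image_upload('pixel.gif', $gif));                         // true
var_dump(validate_image_upload('pixel.gif', "<?php echo 'not an image';"));  // false
var_dump(validate_image_upload('pixel.php', $gif));                         // false
```

Two caveats worth keeping in mind when applying this in a plugin. `getimagesizefromstring` only proves that the leading bytes parse as an image header, so a polyglot file (a valid GIF header with text appended) still passes; the extension allow-list, and a web server that never hands `wp-content/uploads` to the PHP interpreter, are what stop that file from being executed. In WordPress code the extension and MIME comparison is normally layered under `wp_check_filetype_and_ext()` rather than a hand-written allow-list, and the import path should additionally require a capability check and a nonce before the file is even read.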