Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Directory Traversal via `rename_item` function. **Consequences**: Full compromise! High CVSS score means attackers can Read, Write, and Delete critical system files.…
**CWE-22**: Improper Limitation of a Pathname to a Restricted Directory. **Flaw**: The plugin fails to sanitize input in the `rename_item` function, allowing path manipulation.…
**Vendor**: 10Web. **Product**: Photo Gallery by 10Web – Mobile-Friendly Image Gallery. **Affected**: Version **1.8.19 and earlier**. If you are on an older version, you are at risk!
Q4 What can hackers do? (Privileges/Data)
**Privileges**: Requires High Privileges (Authenticated). **Data Access**: Can access sensitive files outside the gallery folder.…
**Auth Required**: YES. PR:H (Privileges Required: High). **Threshold**: Not trivial for anonymous users. **Config**: Attacker must have an account with sufficient permissions on the WordPress site.…
**Public Exp?**: No specific PoC code provided in data. **References**: Links to WordPress Trac and Wordfence exist. **Status**: Likely theoretical or limited to authenticated insiders.…
**Check**: Scan for 'Photo Gallery by 10Web' plugin. **Version**: Verify if version ≤ 1.8.19. **Tool**: Use WordPress plugin scanners or manual file inspection of `filemanager/controller.php`.…
**Fixed**: Yes! Updates available via WordPress Trac. **Action**: Update to the latest version immediately. **Commit**: Changeset 3022981 addresses the issue.…
**No Patch?**: Disable the plugin if not essential. **Mitigation**: Restrict user roles to prevent access to gallery management. **WAF**: Block requests containing `../` in `rename_item` parameters.…
**Urgency**: HIGH. **CVSS**: High severity (H/H/H). **Time**: Published Feb 2024. **Priority**: Patch immediately if using affected versions. Do not ignore authenticated directory traversal risks!