cnvd - cnvd-2021-101464

CNVD-2021-101464

Vulnerability from cnvd - Published: 2021-12-22

Title

WordPress插件信息泄露漏洞（CNVD-2021-101464）

Description

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress 插件是WordPress开源的一个应用插件。 WordPress插件 Simple Download Monitor 3.9.6之前版本存在信息泄露漏洞，该漏洞源于插件将日志保存在可预测的位置，并且没有任何认证或授权，未经认证的攻击者可以利用该漏洞下载和读取包含IP地址、用户名等敏感信息的日志。

Severity

中

Patch Name

WordPress插件信息泄露漏洞（CNVD-2021-101464）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-24695

Impacted products

Name
WordPress Simple Download Monitor <3.9.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-24695"
    }
  },
  "description": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress \u63d2\u4ef6\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\n\nWordPress\u63d2\u4ef6 Simple Download Monitor 3.9.6\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u63d2\u4ef6\u5c06\u65e5\u5fd7\u4fdd\u5b58\u5728\u53ef\u9884\u6d4b\u7684\u4f4d\u7f6e\uff0c\u5e76\u4e14\u6ca1\u6709\u4efb\u4f55\u8ba4\u8bc1\u6216\u6388\u6743\uff0c\u672a\u7ecf\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0b\u8f7d\u548c\u8bfb\u53d6\u5305\u542bIP\u5730\u5740\u3001\u7528\u6237\u540d\u7b49\u654f\u611f\u4fe1\u606f\u7684\u65e5\u5fd7\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-101464",
  "openTime": "2021-12-22",
  "patchDescription": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress \u63d2\u4ef6\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\r\n\r\nWordPress\u63d2\u4ef6 Simple Download Monitor 3.9.6\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u63d2\u4ef6\u5c06\u65e5\u5fd7\u4fdd\u5b58\u5728\u53ef\u9884\u6d4b\u7684\u4f4d\u7f6e\uff0c\u5e76\u4e14\u6ca1\u6709\u4efb\u4f55\u8ba4\u8bc1\u6216\u6388\u6743\uff0c\u672a\u7ecf\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0b\u8f7d\u548c\u8bfb\u53d6\u5305\u542bIP\u5730\u5740\u3001\u7528\u6237\u540d\u7b49\u654f\u611f\u4fe1\u606f\u7684\u65e5\u5fd7\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress\u63d2\u4ef6\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-101464\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Simple Download Monitor \u003c3.9.5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-24695",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-10",
  "title": "WordPress\u63d2\u4ef6\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-101464\uff09"
}

CVE-2021-24695 (GCVE-0-2021-24695)

Vulnerability from cvelistv5 – Published: 2021-11-08 17:35 – Updated: 2024-08-03 19:42

Summary

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames

Severity ?

No CVSS data available.

CWE

CWE-425 - Direct Request ('Forced Browsing')

Assigner

WPScan

References

URL

Tags

https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4a…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Unknown	Simple Download Monitor	Affected: 3.9.6 , < 3.9.6 (custom)

Credits

apple502j

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:42:16.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Simple Download Monitor",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.9.6",
              "status": "affected",
              "version": "3.9.6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "apple502j"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-08T17:35:02",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Simple Download Monitor \u003c 3.9.6 - Unauthenticated Log Access",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24695",
          "STATE": "PUBLIC",
          "TITLE": "Simple Download Monitor \u003c 3.9.6 - Unauthenticated Log Access"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Simple Download Monitor",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.9.6",
                            "version_value": "3.9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "apple502j"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24695",
    "datePublished": "2021-11-08T17:35:02",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:42:16.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-101464

CVE-2021-24695 (GCVE-0-2021-24695)

Tags

Sightings

Nomenclature