cnvd - cnvd-2022-31856

CNVD-2022-31856

Vulnerability from cnvd - Published: 2022-04-24

Title

WordPress Amelia plugin Amelia SMS服务授权问题漏洞

Description

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress Amelia plugin存在授权问题漏洞，该漏洞源于该插件在处理 Amelia SMS 服务时没有适当的授权。任何经过身份验证攻击者可利用此漏洞发送付费测试SMS通知，以及检索有关管理员的敏感信息，如电子邮件、帐户余额和支付历史记录。恶意参与者可以通过持续发送短信通知来耗尽帐户余额。

Severity

中

Patch Name

WordPress Amelia plugin Amelia SMS服务授权问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://wpscan.com/vulnerability/0882e5c0-f319-4994-9346-aa18438fda6a

Reference

https://wpscan.com/vulnerability/0882e5c0-f319-4994-9346-aa18438fda6a

Impacted products

Name
WordPress Amelia Plugin <1.0.48

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-0837",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-0837"
    }
  },
  "description": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress plugin\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\n\nWordPress Amelia plugin\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u63d2\u4ef6\u5728\u5904\u7406 Amelia SMS \u670d\u52a1\u65f6\u6ca1\u6709\u9002\u5f53\u7684\u6388\u6743\u3002\u4efb\u4f55\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u53d1\u9001\u4ed8\u8d39\u6d4b\u8bd5SMS\u901a\u77e5\uff0c\u4ee5\u53ca\u68c0\u7d22\u6709\u5173\u7ba1\u7406\u5458\u7684\u654f\u611f\u4fe1\u606f\uff0c\u5982\u7535\u5b50\u90ae\u4ef6\u3001\u5e10\u6237\u4f59\u989d\u548c\u652f\u4ed8\u5386\u53f2\u8bb0\u5f55\u3002\u6076\u610f\u53c2\u4e0e\u8005\u53ef\u4ee5\u901a\u8fc7\u6301\u7eed\u53d1\u9001\u77ed\u4fe1\u901a\u77e5\u6765\u8017\u5c3d\u5e10\u6237\u4f59\u989d\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wpscan.com/vulnerability/0882e5c0-f319-4994-9346-aa18438fda6a",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-31856",
  "openTime": "2022-04-24",
  "patchDescription": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress plugin\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\r\n\r\nWordPress Amelia plugin\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u63d2\u4ef6\u5728\u5904\u7406 Amelia SMS \u670d\u52a1\u65f6\u6ca1\u6709\u9002\u5f53\u7684\u6388\u6743\u3002\u4efb\u4f55\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u53d1\u9001\u4ed8\u8d39\u6d4b\u8bd5SMS\u901a\u77e5\uff0c\u4ee5\u53ca\u68c0\u7d22\u6709\u5173\u7ba1\u7406\u5458\u7684\u654f\u611f\u4fe1\u606f\uff0c\u5982\u7535\u5b50\u90ae\u4ef6\u3001\u5e10\u6237\u4f59\u989d\u548c\u652f\u4ed8\u5386\u53f2\u8bb0\u5f55\u3002\u6076\u610f\u53c2\u4e0e\u8005\u53ef\u4ee5\u901a\u8fc7\u6301\u7eed\u53d1\u9001\u77ed\u4fe1\u901a\u77e5\u6765\u8017\u5c3d\u5e10\u6237\u4f59\u989d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress Amelia plugin Amelia SMS\u670d\u52a1\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Amelia Plugin \u003c1.0.48"
  },
  "referenceLink": "https://wpscan.com/vulnerability/0882e5c0-f319-4994-9346-aa18438fda6a",
  "serverity": "\u4e2d",
  "submitTime": "2022-04-07",
  "title": "WordPress Amelia plugin Amelia SMS\u670d\u52a1\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2022-0837 (GCVE-0-2022-0837)

Vulnerability from cvelistv5 – Published: 2022-04-04 15:35 – Updated: 2024-08-02 23:40

Title

Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure

Summary

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification.

Severity ?

No CVSS data available.

CWE

CWE-862 Missing Authorization

Assigner

WPScan

References

URL

Tags

https://wpscan.com/vulnerability/0882e5c0-f319-49…

exploitvdb-entrytechnical-description

Impacted products

	Vendor	Product	Version
	Unknown	Amelia	Affected: 0 , < 1.0.48 (custom)

Credits

Huli from Cymetrics WPScan

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:40:04.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/0882e5c0-f319-4994-9346-aa18438fda6a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "Amelia",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.0.48",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Huli from Cymetrics"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-25T07:18:27.409Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/0882e5c0-f319-4994-9346-aa18438fda6a"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Amelia \u003c 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-0837",
    "datePublished": "2022-04-04T15:35:52",
    "dateReserved": "2022-03-03T00:00:00",
    "dateUpdated": "2024-08-02T23:40:04.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-31856

CVE-2022-0837 (GCVE-0-2022-0837)

Tags

Sightings

Nomenclature