Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

Related Vulnerabilities: CVE-2019-9618  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="31"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#32">By Date</a>
<a href="33"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="26"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#32">By Thread</a>
<a href="27"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">Re: WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Henri Salo &lt;henri () nerv fi&gt;


<em>Date</em>: Sun, 17 Mar 2019 16:16:51 +0200


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, Mar 13, 2019 at 08:21:07AM +0100, Manuel Garcia Cardenas wrote:
</pre><blockquote style="border-left: #5555EE solid 0.2em; margin: 0em; padding-left: 0.85em"><pre style="margin: 0em;">- CVE-ID: CVE-2019-9618
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion
/wordpress/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&amp;cfg=../../../../../../../../../../etc/passwd

VII. SOLUTION
-------------------------
Disable plugin until a fix is available, vendor does not fix after 2
requests.
</pre></blockquote><pre style="margin: 0em;">
Good research work Manuel. Keep up the good work! =)

In case of WordPress plugins your solution is not correct. This vulnerability
can be exploited even plugin is disabled. Plugin must be deleted in order to
mitigate this.

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE/aVSDznAZReWTkxKJ633pE6qdXQFAlyOVtMACgkQJ633pE6q
dXTdBA/+J/ml4soyBkleh2QO/pCV4NiNeGfyBUU/FkEFAEthPOg4J0w4J526sMzV
hL9Y2GvTK4YnXLxLeksmehKTl8m6rFEDCE7CCTm64xUzZh6zgDHdDjcizyQ27Nes
WLHky0lWBcNT3Agfg+3H7vhPIQGGE3mLmQvxvV5LLpriiAw/rd4eONG5TO9qvzdN
1DQ79F54EPavrv7RARGu4JuXFBprNFm7WpQW1kb+nhsDzv9W5Vd9YcA9I2k+SM6y
WCIQPcyRxs/2kTRxTzV9AZT7R9ggPegeqT30Ir9OlZalUVzXVeeKdE5keflu+SVh
5YnaOBMk7WvAtk/uq9X9/StpxJKqCyIzRYtyp7Ouivqwmj25PIjeLUb1S+wsFQWn
ruEIrFl7ioAEWALfo9FOTVZpjbSAYNB3TINLuQqVf6tjJ+p8j/MJ3F7D2kLDARTM
QUsoJoXLsqJ5Q1OUS9UUqq9BeOcI3TwboKCpweeYRW8CGt+wCMvv8Nr6+XSirV9c
5Icnf7p1kPLwsUQSsC8jsyzfYczBZTfWiTmeKk/+60a2larptPcnrnrYJcj6g2Ae
XD9nv4icaji14/MtaRNUFr1es0B6bKWDKZqGAMTuzrk/A+YWUgZxeV3x0xivOz5G
Ry4dpnjhGHfYqo2fD1RK2/RlmPaBEy03tYCDcyTfaGpyzRTmXWg=
=ZzHz
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="31"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#32">By Date</a>
<a href="33"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="26"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#32">By Thread</a>
<a href="27"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><a name="26" href="26">WordPress Plugin GraceMedia Media Player 1.0 - Local File	Inclusion</a> <em>Manuel Garcia Cardenas (Mar 16)</em>
<ul>
<li><strong>Re: WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion</strong> <em>Henri Salo (Mar 19)</em>
</li>
</ul>
</li>
</ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started