Cybersecurity threats 2014: multiple dangerous vulnerabilities in the WordPress InfiniteWP Admin Panel

Posted: December 10, 2014 in Vulnerabilities

Researchers emphasize that the flaws in the free application put the security of hundreds of thousands of websites at risk.

According to an advisory by Walter Hop, a security researcher and founder of the Netherlands-based web development company Slik, he found several vulnerabilities in InfiniteWP Admin Panel, a popular free application used by administrators of the WordPress content management system.

According to the developers of the affected product, it has been downloaded at least 875,000 times over the project's history and is used on more than 318,000 websites. It lets administrators manage multiple WordPress installations from a single control panel.

The vulnerabilities in InfiniteWP Admin Panel were discovered on November 26 of this year, but the details were published only now because Walter Hop waited for the fixes (version 2.4.4) to be released. One of the most dangerous flaws is the lack of strong encryption for stored passwords, which allows remote attackers to disclose the administrator password.

Multiple vulnerabilities in the WordPress InfiniteWP Admin Panel

Severity: Medium
Fix available: Yes
Number of vulnerabilities: 4

CVSSv2 rating:
(AV: N / AC: L / Au: N / C: P / I: P / A: N / E: U / RL: OF / RC: C) = Base: 6.4 / Temporal: 4.7
(AV: N / AC: L / Au: N / C: P / I: P / A: N / E: U / RL: OF / RC: C) = Base: 6.4 / Temporal: 4.7
(AV: N / AC: L / Au: N / C: P / I: P / A: N / E: U / RL: OF / RC: C) = Base: 6.4 / Temporal: 4.7
(AV: N / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7

Attack vector: Remote
Impact: Disclosure of system data, unauthorized modification of data

Affected products: InfiniteWP Admin Panel
Affected versions: InfiniteWP Admin Panel prior to version 2.4.4

Description:
The vulnerabilities allow a remote user to bypass security restrictions and gain access to sensitive data.

1. Insufficient sanitization of the “email” parameter in the filterParameters() function. A remote user can exploit this to execute arbitrary SQL commands against the application database.

2. Insufficient sanitization of the “historyID” parameter in the filterParameters() function. A remote user can exploit this to execute arbitrary SQL commands against the application database.

3. The application allows arbitrary files to be uploaded to the uploads directory when the “allWPFiles” parameter is set. A remote user can use this to place arbitrary PHP code on the server.

4. The application uses weak encryption when storing a password. This can be exploited to disclose the administrator password.
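The fourth issue is the one to understand from the defender's side: a password stored under reversible encryption can be recovered by anyone who obtains the stored value and the application's key, while a salted one-way hash only lets the application verify a login. The following added example (not code from this page or from InfiniteWP, whose actual scheme the advisory does not describe) contrasts a constructed stand-in for such weak storage with PBKDF2-HMAC-SHA256 hashing and an opportunistic upgrade of legacy records on the next successful login:

```python
import base64
import hashlib
import hmac
import os

# Constructed stand-in for "weak encryption": a static application key XORed
# into the password and base64-encoded. This is NOT InfiniteWP's real scheme;
# it only illustrates why reversible, deterministic storage is the problem.
APP_KEY = b"static-app-key"


def store_weak(password: str) -> str:
    raw = password.encode()
    xored = bytes(b ^ APP_KEY[i % len(APP_KEY)] for i, b in enumerate(raw))
    return "weak$" + base64.b64encode(xored).decode()


def recover_weak(stored: str) -> str:
    # Whoever holds the stored value and the static key gets the plaintext back.
    xored = base64.b64decode(stored.split("$", 1)[1])
    return bytes(b ^ APP_KEY[i % len(APP_KEY)] for i, b in enumerate(xored)).decode()


ITERATIONS = 200_000


def hash_password(password: str, salt: bytes = b"") -> str:
    # One-way: random per-user salt plus PBKDF2-HMAC-SHA256. The stored value
    # lets the application verify a login but not recover the password.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2$%d$%s$%s" % (ITERATIONS, base64.b64encode(salt).decode(),
                                base64.b64encode(digest).decode())


def verify_password(password: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2":
        return False
    salt, expected = base64.b64decode(parts[2]), base64.b64decode(parts[3])
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(parts[1]))
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def needs_rehash(stored: str) -> bool:
    # Flags legacy or under-iterated records so they get upgraded at next login.
    return not stored.startswith("pbkdf2$%d$" % ITERATIONS)


def login(password: str, stored: str):
    # Returns (ok, record): verifies against either format and, on success,
    # replaces a legacy reversible record with a PBKDF2 hash.
    if stored.startswith("weak$"):
        ok = hmac.compare_digest(recover_weak(stored).encode(), password.encode())
    else:
        ok = verify_password(password, stored)
    return (True, hash_password(password)) if ok and needs_rehash(stored) else (ok, stored)
```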

Solution: Install the latest version, 2.4.4, from the vendor's website.

References: https://lifeforms.nl/20141210/infinitewp-vulnerabilities/


Manufacturer URL: http://infinitewp.com/

Comments
  1. Adam K. says:

    1. Use a .htaccess file to add authentication and limit IP addresses.
    2. Use long and unique passwords.
