一、 漏洞 CVE-2024-12544 基础信息
漏洞标题
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - 验证错误导致Authenticated (Subscriber+)用户可通过SurveyJS_DeleteFile任意删除文件
来源:AIGC 神龙大模型
漏洞描述信息
SurveyJS: Drag & Drop WordPress Form Builder 插件在所有版本(包括 1.12.17 及其之前的版本)中存在任意文件删除漏洞。该漏洞是由于 SurveyJS_DeleteFile 类的回调函数中缺少能力检查所致。这使得拥有订阅者级别及以上权限的已认证攻击者可以在服务器上删除任意文件。当删除关键文件(如 wp-config.php)时,该漏洞可能导致远程代码执行。在 1.12.20 版本中,此功能仍然存在跨站请求伪造漏洞。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
来源:AIGC 神龙大模型
漏洞类别
跨站请求伪造(CSRF)
来源:AIGC 神龙大模型
漏洞标题
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile
来源:美国国家漏洞数据库 NVD
漏洞描述信息
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This function is still vulnerable to Cross-Site Request Forgery as of 1.12.20.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
授权机制缺失
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2024-12544 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2024-12544 的情报信息

  • 标题: SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile -- 🔗来源链接

    标签:

    SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile

  • 标题: Changeset 3222216 for surveyjs/trunk/ajax_handlers/delete_file.php – WordPress Plugin Repository -- 🔗来源链接

    标签:

    Changeset 3222216 for surveyjs/trunk/ajax_handlers/delete_file.php – WordPress Plugin Repository

  • 标题: Changeset 3214665 – WordPress Plugin Repository -- 🔗来源链接

    标签:

    Changeset 3214665 – WordPress Plugin Repository
  • https://nvd.nist.gov/vuln/detail/CVE-2024-12544