Mashshare <= 2.3.0 - Information DisclosureSign up to our free email alerts service for instant vulnerability notifications!
The Mashshare plugin exposes a few AJAX commands via its own custom hook, which can be found in the file ‘includes/admin/admin-actions.php’, and the function ‘mashsb_process_actions’. This function is called upon the ‘admin_init’ action being fired, which can be triggered by anyone when visiting the admin AJAX handler. Coupled with the fact that there is no checking of user privilege on this function means that anonymous users are able to trigger certain functions intended for Administrative use only.
|Proof of Concept||
Visiting the following URL on the target will disclose the content that is usually displayed in the ‘System Info’ tab, under the Administration panel, which includes PHP version, Plugins installed, and various other System information. http://localhost/wp-admin/admin-ajax.php?action=-&mashsb-action=tools_tab_system_info
fixed in version 2.3.1
|Publicly Published||2015-04-17 (over 1 year ago)|
|Added||2015-04-25 (over 1 year ago)|
|Last Updated||2015-09-20 (about 1 year ago)|
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|