An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as…
mitre·CWE-306·Published 2021-01-01
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files, such as the wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.4 | 10.0 | 4.9 | AV:N/AC:L/Au:N/C:N/I:P/A:P |
| 3.1 | Primary | cve.org | 9.9 | — | — | CVSS:3.1/AC:L/AV:N/A:H/C:L/I:L/PR:N/S:C/UI:N |
| 3.1 | Primary | NVD | 9.9 | 3.9 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H |
| 3.1 | Secondary | NVD | 9.9 | 3.9 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H |