Published: 2023/06/27 Last Updated: 2023/07/14
JVN#97127032
WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal
Overview
WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability.
Products Affected
- Snow Monkey Forms v5.1.1 and earlier
When this advisory was first published on June 27, 2023, the affected versions were described as "5.1.0 and earlier". The reporter later found that the fix in version 5.1.1 was not adequate, so version 5.1.2, which contains the fix, was released afterwards.
Description
WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability (CWE-22).
Impact
Arbitrary files on the server may be deleted by a remote attacker.
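As an added illustration, not code from Snow Monkey Forms or Monkey Wrench Inc., the following PHP shows the containment check a plugin should apply before deleting a file whose name comes from request input; this is the standard defensive pattern for CWE-22. `safe_delete`, `$base_dir` and `$user_name` are assumed names.

```php
<?php
// Added illustration, not Snow Monkey Forms' code. Confines a request-supplied
// file name to one base directory before unlink() (CWE-22 mitigation).
// safe_delete(), $base_dir and $user_name are assumed names.
function safe_delete(string $base_dir, string $user_name): bool
{
    // Canonicalize the base directory; fail closed if it cannot be resolved.
    $base = realpath($base_dir);
    if ($base === false) {
        return false;
    }
    // Accept only a bare file name: no directory separators, no "." or "..".
    if ($user_name === '' || $user_name !== basename($user_name)
        || $user_name === '.' || $user_name === '..') {
        return false;
    }
    // realpath() collapses ".." segments and follows symlinks, so the result is
    // the file that would actually be removed; a missing path resolves to false.
    $target = realpath($base . DIRECTORY_SEPARATOR . $user_name);
    if ($target === false) {
        return false;
    }
    // The resolved path must start with the base directory plus a separator
    // (a plain prefix test would let "/var/uploads-other" pass for "/var/uploads").
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Only regular files are deleted, never directories or special files.
    if (!is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed demonstration in a throwaway directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'traversal-demo-' . uniqid();
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'upload.txt', 'sample');
foreach (['../outside.txt', '..', 'sub/../upload.txt', 'upload.txt'] as $name) {
    printf("%-20s %s\n", $name, safe_delete($dir, $name) ? 'deleted' : 'refused');
}
rmdir($dir);
```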
Solution
Update the plugin
Update the plugin according to the information provided by the developer.
Vendor Status
Vendor | Link |
---|---|
Monkey Wrench Inc. | Snow Monkey Forms v5.1.2 released (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Base Score: 5.8
Metric | Value |
---|---|
Attack Vector (AV) | Network (N) |
Attack Complexity (AC) | Low (L) |
Privileges Required (PR) | None (N) |
User Interaction (UI) | None (N) |
Scope (S) | Changed (C) |
Confidentiality Impact (C) | None (N) |
Integrity Impact (I) | Low (L) |
Availability Impact (A) | None (N) |
CVSS v2
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score: 5.0
Metric | Value |
---|---|
Access Vector (AV) | Network (N) |
Access Complexity (AC) | Low (L) |
Authentication (Au) | None (N) |
Confidentiality Impact (C) | None (N) |
Integrity Impact (I) | Partial (P) |
Availability Impact (A) | None (N) |
Comment
This analysis assumes that an attacker removes a file outside the web contents area.
Credit
Shinsaku Nomura of Bitforest Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
Source | Identifier |
---|---|
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2023-32623 |
JVN iPedia | JVNDB-2023-000067 |
Update History
- 2023/07/14
- Revised the information under the sections [Products Affected] and [Vendor Status].