F Lester 1.0 Plugin Arbitrary File Inclusion, Upload, and RCE Vulnerability Analysis

From this webpage screenshot, the following key vulnerability information can be obtained: - **Plugin Name and Version**: F Lester, version 1.0. - **Author**: tadgadget. - **Timestamp**: May 2, 2023, 08:17:50 AM (UTC+8). - **File Paths**: - `includes/admin.php` - `admin.css.php` - `index.php` - `inc/options.php` - `inc/functions.php` - `inc/templates/settings-template.php` - **Critical Code Snippets**: ```php // Potential vulnerability in includes/admin.php $file = $_GET['file']; include($file); // Potential vulnerability in inc/functions.php if (isset($_POST['action']) && $_POST['action'] == 'upload_file') { $tmp_name = $_FILES['file']['tmp_name']; $name = $_FILES['file']['name']; move_uploaded_file($tmp_name, WP_CONTENT_DIR . '/uploads/' . $name); } // Potential vulnerability in inc/templates/settings-template.php echo "eval('$_POST[script]');"; ``` These code snippets may contain the following vulnerabilities: - **Arbitrary File Inclusion**: `include($file);` may lead to an arbitrary file inclusion vulnerability. - **Unsafe File Upload**: `move_uploaded_file` does not sufficiently validate uploaded files, potentially allowing malicious file uploads. - **Code Injection**: `eval('$_POST[script]');` may result in a code injection vulnerability. These vulnerabilities could be exploited by attackers to perform malicious actions such as remote code execution, file upload attacks, etc.

Goal Reached Thanks to every supporter — we hit 100%!

F Lester 1.0 Plugin Arbitrary File Inclusion, Upload, and RCE Vulnerability Analysis