CVE-2018-9118
Published: 2018-04-12
Priority: P278 · high · 7.5 (CVSS 3.0)
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: ITW · Exploit · VulnCheck KEV · Exploited in the wild
EPSS: 48.16% (98.7th percentile)
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 99robots | wp_background_takeover_advertisements | < 4.1.5 | 4.1.5 |
Detection & IOCs (extracted from sources)
URL: /wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php
- Look for GET requests to exports/download.php with a filename parameter containing directory traversal sequences (../, including percent-encoded forms such as ..%2F or %2e%2e%2f) targeting wp-config.php or other sensitive files.
- Response bodies containing all of 'DB_NAME', 'DB_PASSWORD', 'DB_HOST' and 'The base configurations of the WordPress' indicate successful exploitation and wp-config.php exfiltration.
- Use the Google dork 'inurl:/plugins/wpsite-background-takeover' to identify potentially vulnerable WordPress installations exposed on the internet.
- The vulnerability affects plugin versions <= 4.1.4 only; version 4.1.5 and above are patched. Include version checks in detection logic to reduce false positives on patched installations.
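The two indicators above (a traversal sequence in the filename parameter of the plugin's download.php, and a response body that looks like wp-config.php) can be checked mechanically. The following is an added example written for this page, not code from the plugin, Nuclei, or any of the sources listed here. It runs over constructed access-log lines in combined format and a constructed wp-config.php body, and goes slightly beyond the IOC text by decoding layered percent-encoding (..%2F, %252e%252e) before looking for a .. path segment, so encoded variants of the same request are not missed. The log lines, IP addresses and the wp-config body are fabricated sample input.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path suffix of the vulnerable endpoint (taken from the Exploit-DB PoC URL on this page).
VULN_PATH_SUFFIX = "/wpsite-background-takeover/exports/download.php"

# Strings that together indicate a wp-config.php body was returned (from the IOC list above).
WP_CONFIG_MARKERS = (
    "DB_NAME",
    "DB_PASSWORD",
    "DB_HOST",
    "The base configurations of the WordPress",
)

# Combined log format: client ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
# Lines 1-3 are traversal attempts (plain, single-encoded, double-encoded);
# line 4 is a legitimate export download; line 5 has '..' on an unrelated endpoint.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2018:12:00:01 +0000] "GET /wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php HTTP/1.1" 200 3213 "-" "curl/7.58.0"
203.0.113.5 - - [10/Apr/2018:12:00:02 +0000] "GET /wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3213 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Apr/2018:12:00:03 +0000] "GET /wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 200 1024 "-" "-"
198.51.100.7 - - [10/Apr/2018:12:00:04 +0000] "GET /wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=report-2018-04.csv HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2018:12:00:05 +0000] "GET /wp-login.php?redirect_to=..%2F HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Constructed response body standing in for an exfiltrated wp-config.php (fake values).
SAMPLE_WP_CONFIG_BODY = """<?php
/**
 * The base configurations of the WordPress.
 */
define('DB_NAME', 'wordpress');
define('DB_USER', 'wp');
define('DB_PASSWORD', 'example-only');
define('DB_HOST', 'localhost');
"""


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo layered percent-encoding (%252e -> %2e -> .) until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(filename: str) -> bool:
    """True when any path segment of the decoded filename is '..' (either separator).
    Segment-wise matching avoids flagging names such as 'foo..bar.csv'."""
    return any(seg == ".." for seg in re.split(r"[\\/]+", filename))


def detect_traversal(log_text: str) -> list:
    """Return one record per request to the plugin's download.php whose filename
    parameter contains a traversal segment after decoding."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m["target"])
        if not parts.path.lower().endswith(VULN_PATH_SUFFIX):
            continue
        # parse_qs performs one round of decoding; fully_decode handles the rest.
        for value in parse_qs(parts.query, keep_blank_values=True).get("filename", []):
            decoded = fully_decode(value)
            if has_traversal(decoded):
                hits.append({
                    "ip": m["ip"],
                    "timestamp": m["ts"],
                    "status": int(m["status"]),
                    "decoded_filename": decoded,
                })
    return hits


def looks_like_wp_config(body: str) -> bool:
    """Second IOC: all four markers present means wp-config.php content came back."""
    return all(marker in body for marker in WP_CONFIG_MARKERS)


if __name__ == "__main__":
    for hit in detect_traversal(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['timestamp']} status={hit['status']} filename={hit['decoded_filename']}")
    print("sample body looks like wp-config.php:", looks_like_wp_config(SAMPLE_WP_CONFIG_BODY))
```

A 200 status on a flagged request is not proof of success on its own, since the plugin may return a 200 with an error page; pair the request match with the body check, or with the version check from the last bullet, before raising the severity of an alert.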
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| VulnCheck | | 7.5 | HIGH | |
GHSA
GHSA-pgmv-px7h-43x3: exports/download
GHSA (unreviewed) · 2022-05-14 · CVE-2018-9118 [HIGH] · CWE-22
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.
VulnCheck
99robots wp_background_takeover_advertisements Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
VulnCheck · 2018 · CVSS 7.5 · CVE-2018-9118 [HIGH]
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.
Affected: 99robots wp_background_takeover_advertisements
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/
No detection rules found.
Exploit-DB
WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal
Exploit-DB · 2018-04-09 · CVSS 7.5 · CVE-2018-9118 [HIGH]
---
# Exploit Title: WP Background Takeover, Directory Traversal <= 4.1.4
# Google Dork: inurl:/plugins/wpsite-background-takeover
# Date: 2018-03-08
# Exploit Author: Colette Chamberland, Defiant, Inc.
# Vendor Homepage: https://99robots.com
# Software Link: https://99robots.com/products/wp-background-takeover-advertisements/
# Version: <= 4.1.4
# Tested on: Wordpress 4.9.x
# CVE : CVE-2018-9118
Description
Allows for an attacker to browse files via the download.php file:
http://target[.]com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php
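The PoC above works because the filename parameter is joined onto the export directory and served without checking where the resulting path lands. The following is an added example for this page, not the plugin's PHP and not code from Exploit-DB: the containment check a download handler needs, written in Python so it runs stand-alone. EXPORT_DIR, TraversalError and the function names are assumptions made for illustration; the plugin's real storage path is not given on this page. The Exploit-DB payload is used as one of the rejected inputs.

```python
import posixpath

# Assumed export directory for this example (the real plugin's path is not on this page).
EXPORT_DIR = "/var/www/html/wp-content/plugins/wpsite-background-takeover/exports"


class TraversalError(ValueError):
    """Raised when a requested filename would resolve outside the export directory."""


def contained_path(base_dir: str, filename: str) -> str:
    """Return the absolute path of `filename` inside `base_dir`, or raise TraversalError.

    The comparison is lexical (posixpath) so the example runs without touching disk.
    In a real handler, pass both sides through os.path.realpath first so that a
    symlink inside base_dir cannot point back outside it.
    """
    if not posixpath.isabs(base_dir):
        raise ValueError("base_dir must be absolute")
    if not filename or "\x00" in filename:
        raise TraversalError("empty or NUL-containing filename")
    base = posixpath.normpath(base_dir)
    # Treat backslashes as separators too: on a Windows host PHP would, and on POSIX
    # the rejection is merely conservative.
    candidate = posixpath.normpath(posixpath.join(base, filename.replace("\\", "/")))
    # join() discards base when filename is absolute ('/etc/passwd'), and normpath()
    # collapses the '..' segments; commonpath() then compares component-wise, which a
    # plain startswith() would not: '/srv/exports-old/x' must not count as inside
    # '/srv/exports'.
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        raise TraversalError(f"{filename!r} escapes {base_dir}")
    return candidate


def is_contained(base_dir: str, filename: str) -> bool:
    """Boolean form of contained_path() for callers that only need a verdict."""
    try:
        contained_path(base_dir, filename)
        return True
    except TraversalError:
        return False


def is_safe_export_name(filename: str) -> bool:
    """Verdict for the assumed plugin export directory."""
    return is_contained(EXPORT_DIR, filename)


if __name__ == "__main__":
    samples = (
        "report-2018-04.csv",            # legitimate export
        "sub/../report-2018-04.csv",     # '..' that never leaves the directory
        "../../../../wp-config.php",     # the Exploit-DB payload
        "..%2F..%2Fwp-config.php",       # still encoded: harmless here, decode before calling
        "/etc/passwd",                   # absolute path
        "..\\..\\wp-config.php",         # backslash variant
    )
    for name in samples:
        print(f"{name!r}: {'allowed' if is_safe_export_name(name) else 'rejected'}")
```

The check must run on the fully decoded filename: a web server decodes %2F before the application sees it, so the encoded sample is only "safe" in this lexical test because it was never decoded. Rejecting any name that contains a ".." segment is a simpler alternative, but the containment check also covers absolute paths and is the one that survives future changes to how the filename is built.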
Nuclei
WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion
Nuclei · CVSS 7.5 · CVE-2018-9118 [HIGH]
WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.
Template:
```yaml
id: CVE-2018-9118

info:
  name: WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
    WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.
  impact: |
    This vulnerability can lead to unauthorized access to sensitive files on the server, potentially exposing sensitive information or allowing for further exploitation.
  remediation: |
    Upgrade to 4.1.5.
  reference:
    - https://www.exploit-db.com/exploits/44417
    - https:
```
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
Unit 42 blog · 2021-04-12 · CVSS 7.5 · tagged CVE-2020-28188 [HIGH]
## Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021.
This blog provides details of the newly observed exploits as well as a deep dive into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.
Palo Alto Networks Next-Generation Firewall customers are protected from these attacks with the URL Filtering an
Authors: Lei Xu, Yue Guan, Vaibhav Singhal (Unit 42 Threat Research Center). Published: April 12, 2021. Tags: Malware, Trend Reports, Vulnerabilities, Botnet, DDoS, Exploit kit, IoT, Network security trends.