Executive Summary

CVE-2016-20079 is a local file inclusion vulnerability found in the WordPress Dharma Booking plugin version 2.28.3 and earlier. It occurs in the file proccess.php where the gateway parameter is used without proper validation to include PHP files dynamically.

Attackers can manipulate the gateway parameter by using directory traversal sequences or null byte injection to include arbitrary files, such as sensitive configuration or system files, on the server.

This flaw allows unauthenticated attackers to read sensitive files or potentially execute malicious PHP code by exploiting the insecure file inclusion.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers to access sensitive files on the server, such as configuration files that may contain database credentials or other confidential information.

By including arbitrary files, attackers might also execute malicious code, potentially compromising the server or the website running the vulnerable plugin.

Since the vulnerability is exploitable without authentication, it increases the risk of unauthorized data disclosure and system compromise.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to exploit the local file inclusion flaw through the gateway parameter in the vulnerable proccess.php file of the Dharma Booking plugin.

One way to detect it is by sending HTTP requests that manipulate the gateway parameter with directory traversal sequences or null byte injections to see if sensitive files like /etc/passwd or wp-config.php can be accessed.

Example command using curl to test for the vulnerability:

• curl -v "http://target-site.com/wp-content/plugins/dharma-booking/frontend/ajax/gateways/proccess.php?gateway=../../../../../../etc/passwd"

If the response contains contents of the targeted file (e.g., /etc/passwd), the system is vulnerable.

Network detection can also involve monitoring web server logs for suspicious requests containing directory traversal patterns in the gateway parameter.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include:

• Disable or remove the Dharma Booking plugin if it is installed, as it is no longer maintained or supported.
• Restrict access to the vulnerable proccess.php file or the entire plugin directory via web server configuration to prevent unauthenticated access.
• Implement input validation and sanitization on the gateway parameter to prevent directory traversal and null byte injection.
• Monitor web server logs for suspicious requests targeting the gateway parameter and block offending IP addresses.

Since the plugin is no longer maintained, consider migrating to a supported alternative plugin for accommodation booking.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows unauthenticated attackers to include arbitrary files and read sensitive configuration and system files by exploiting a local file inclusion flaw in the WordPress Dharma Booking plugin. This exposure of sensitive files could lead to unauthorized access to personal or protected data.

Such unauthorized access and potential data exposure can negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access and breaches.

Useful 0 Not Useful 0