CVE-2014-6059
Description
WordPress Advanced Access Manager plugin before 2.8.2 allows an authenticated attacker to overwrite arbitrary files, leading to code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The WordPress Advanced Access Manager (AAM) plugin, in versions prior to 2.8.2, contains an arbitrary file overwrite vulnerability. The flaw resides in insufficient input validation when handling file uploads or file-related operations, allowing an attacker with sufficient permissions to specify a file path and content, leading to overwriting of arbitrary files on the server [1].
Exploitation
An attacker must be authenticated with a user role that has access to the relevant AAM functionality (e.g., the ability to upload or write files). The attacker can craft a request that specifies a target file path (e.g., a PHP file in the web root) and malicious content. The plugin then overwrites that file without proper sanitization or path checks [1].
Impact
Successful exploitation allows the attacker to overwrite arbitrary files on the WordPress server. This can be leveraged to overwrite PHP files (such as a theme's functions.php or a core file) to achieve remote code execution (RCE) in the context of the web server. This leads to complete compromise of the WordPress site, including data theft, site defacement, or further lateral movement [1].
Mitigation
Update the Advanced Access Manager plugin to version 2.8.2 or later, which fixes the file overwrite vulnerability. No workaround is provided for older versions. The fix was released shortly after the disclosure in September 2014 [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- WordPress/Advanced Access Manager Plugin
- Range: <2.8.2
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/128137/WordPress-Advanced-Access-Manager-2.8.2-File-Write-Code-Execution.html (mitre, x_refsource_MISC)
- www.securityfocus.com/bid/69549 (mitre, x_refsource_MISC)
- exchange.xforce.ibmcloud.com/vulnerabilities/95694 (mitre, x_refsource_MISC)