By kannthu
The "WordPress ChurcHope Theme <= 2.1 - Local File Inclusion" module is designed to detect a vulnerability in the ChurcHope WordPress theme version 2.1 or lower. This vulnerability is classified as CWE-22 and has a high severity level. The module aims to identify instances where an attacker can exploit a local file inclusion vulnerability in the ChurcHope theme.
If successfully exploited, the local file inclusion vulnerability in the ChurcHope theme can allow an attacker to access sensitive files on the server, such as the wp-config.php file. This file contains sensitive information, including database credentials (DB_NAME and DB_PASSWORD), which can be used to gain unauthorized access to the WordPress site and potentially compromise its security.
The module sends an HTTP GET request to the following path: /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php. It then applies two matching conditions to determine if the vulnerability is present:
If both matching conditions are met, the module reports the vulnerability, indicating that the ChurcHope theme is susceptible to a local file inclusion attack.
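The request described above can also be looked for on the defensive side, in web server access logs. The following is an added example, not part of the Vidoc module: it assumes the common/combined log format, the function names are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed input: common/combined access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
SCRIPT = "/wp-content/themes/churchope/lib/downloadlink.php"

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e) for a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return a finding for a suspicious downloadlink.php request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # endswith() also covers WordPress installed in a subdirectory.
    if not fully_decode(parts.path).lower().endswith(SCRIPT):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("file", []):
        value = fully_decode(raw).replace("\\", "/")
        escapes_dir = "../" in value or value.startswith("/")
        if escapes_dir or "wp-config" in value.lower():
            # A 200 status means the script answered: triage as possible disclosure.
            return {"ip": m["ip"], "file": value, "served": m["status"] == "200"}
    return None

def scan(lines):
    """Run inspect_line over many log lines and keep only the findings."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:10:00:00 +0000] "GET /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.9 - - [10/Jan/2024:10:01:00 +0000] "GET /wp-content/themes/churchope/lib/downloadlink.php?file=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.4 - - [10/Jan/2024:10:02:00 +0000] "GET /wp-content/themes/churchope/lib/downloadlink.php?file=sermon.mp3 HTTP/1.1" 200 90211 "-" "-"',
    '192.0.2.4 - - [10/Jan/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 1043 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with "served" set to true are the ones to triage first, since a disclosed wp-config.php means the database credentials should be rotated.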