By kannthu
The "WordPress mTheme-Unus Theme - Local File Inclusion" module is designed to detect a vulnerability in the mTheme-Unus WordPress theme. This vulnerability allows an attacker to include local files through the "css.php" file. The severity of this vulnerability is classified as high.
This module was authored by dhiyaneshDk.
If exploited, this vulnerability can allow an attacker to access sensitive information stored in the WordPress configuration file, such as database credentials.
The module sends an HTTP GET request to the vulnerable endpoint:
/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php
The module then applies the following matching conditions:
- The response body must contain the words "DB_NAME" and "DB_PASSWORD".
- The response status code must be 200.

If both conditions are met, the module reports a vulnerability.
For more information, you can refer to the WPScan vulnerability report.
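The same request pattern can be hunted for in web server access logs. The following is an added example, not part of the module or of Vidoc: it flags requests to the css.php endpoint whose "files" parameter contains path traversal, and separates those answered with status 200 (the module's status condition) from those that were rejected. The log format (Combined Log Format), the sample lines, the function names, and the rule that legitimate "files" values are plain file names are all assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format prefix: client ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
ENDPOINT = "/wp-content/themes/mtheme-unus/css/css.php"

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.1" 200 3120',
    '198.51.100.4 - - [10/Jan/2024:10:00:05 +0000] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 403 199',
    '192.0.2.10 - - [10/Jan/2024:10:01:00 +0000] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=style.css HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 8841',
]

def _decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) before inspecting a value."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client, status, verdict) for a traversal request to css.php, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    if _decode(parts.path).lower() != ENDPOINT:
        return None
    files = [_decode(v).replace("\\", "/") for v in parse_qs(parts.query).get("files", [])]
    # Assumption: legitimate values are plain file names, so "../" or a leading "/" is suspicious.
    if not any("../" in f or f.startswith("/") for f in files):
        return None
    # 200 is the module's status condition, so the response body needs review.
    verdict = "investigate" if status == "200" else "probe"
    return client, int(status), verdict

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

An "investigate" hit means the server answered 200 to a traversal request, so the next step is to check whether the response could have contained wp-config.php and to rotate the database credentials if so.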