CVE-2020-35951 - OpenCVE

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Expresstech	Quiz And Survey Master

Configuration 1 [-]

cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/10348
https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-01T03:27:03

Updated: 2024-08-04T17:16:13.461Z

Reserved: 2021-01-01T00:00:00

Link: CVE-2020-35951

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-01-01T04:15:13.667

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-35951

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:L/I:L/PR:N/S:C/UI:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-01T03:27:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/"}, {"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/10348"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35951", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files)."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:L/I:L/PR:N/S:C/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/"}, {"name": "https://wpscan.com/vulnerability/10348", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/10348"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:16:13.461Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/10348"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35951", "datePublished": "2021-01-01T03:27:03", "dateReserved": "2021-01-01T00:00:00", "dateUpdated": "2024-08-04T17:16:13.461Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D6792C16-E4B9-4838-8137-F41B1694CE6A", "versionEndExcluding": "7.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files)."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el plugin Quiz and Survey Master versiones anteriores a 7.0.1 para WordPress. Permite a los usuarios eliminar archivos arbitrarios, como el archivo wp-config.php, que podr\u00eda desconectar un sitio de manera efectiva y permitir a un atacante reinstalarlo con una instancia de WordPress bajo su control. Esto ocurri\u00f3 por medio de la funci\u00f3n qsm_remove_file_fd_question, que permiti\u00f3 eliminaciones no autenticadas (aunque solo estaba destinado a que una persona eliminara sus propios archivos de respuestas de cuestionarios)."}], "id": "CVE-2020-35951", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.3, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.3, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2021-01-01T04:15:13.667", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/10348"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}