Abdul Hakeem Build App Online PHP Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the Abdul Hakeem Build App Online plugin for WordPress, affecting versions through 1.0.23. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion that could be exploited to include local files from the target website and display their contents. Such exploitation could lead to the disclosure of sensitive information, like database credentials, potentially allowing a complete takeover of the database, depending on the configuration.

Impact

Exploitation of this vulnerability could result in local file inclusion, allowing attackers to access and disclose sensitive files from the server, such as those containing database credentials, which could lead to a complete takeover of the database.

Remediation

Users are advised to update to a version of the Abdul Hakeem Build App Online plugin for WordPress that is later than 1.0.23. Patchstack has also issued a virtual patch to mitigate this vulnerability for users of their service.