PT-2019-18281 · Frederick Townes · W3 Total Cache

Published: 2019-04-01 · Updated: 2023-05-26 · CVE-2019-6715

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

W3 Total Cache plugin versions prior to 0.9.4

Description

The issue allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data. This is due to a lack of proper access control in the API, which can be exploited by modifying the user ID in the API request. The problem affects the Toyota GAZOO Racing (TGR) application, which provides location tracking functionality for users. Additionally, a similar issue was found in the official Ferrari website, which was using an outdated version of the W3 Total Cache plugin.

Recommendations

For W3 Total Cache plugin versions prior to 0.9.4, update to version 0.9.4 or later to resolve the issue. As a temporary workaround, consider disabling the pub/sns.php file until a patch is available. Restrict access to the SubscribeURL field in the SubscriptionConfirmation JSON data to minimize the risk of exploitation.
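
One way to restrict what a SubscribeURL value may point to before an endpoint fetches it, shown as an added example that is not W3 Total Cache's own code or its patch. The function name, the host pattern (an Amazon SNS regional endpoint) and the sample bodies are assumptions made for illustration.

```php
<?php
// Added illustration, not plugin code. safe_subscribe_url() is a hypothetical
// helper; the allowed-host pattern is an assumption about where legitimate
// SubscriptionConfirmation messages point.

/** Return the SubscribeURL if it passes the allow-list checks, else null. */
function safe_subscribe_url(string $rawBody): ?string
{
    $msg = json_decode($rawBody, true);
    if (!is_array($msg)
        || ($msg['Type'] ?? null) !== 'SubscriptionConfirmation'
        || !is_string($msg['SubscribeURL'] ?? null)) {
        return null;
    }

    $parts = parse_url($msg['SubscribeURL']);
    if ($parts === false) {
        return null;
    }
    // https only: a local-file or stream-wrapper scheme never reaches the fetch.
    if (strtolower($parts['scheme'] ?? '') !== 'https') {
        return null;
    }
    // No embedded credentials and no non-default port.
    if (isset($parts['user']) || isset($parts['pass'])
        || (isset($parts['port']) && $parts['port'] !== 443)) {
        return null;
    }
    // Exact host match, anchored at both ends so suffix tricks fail.
    $host = strtolower($parts['host'] ?? '');
    if (!preg_match('/\Asns\.[a-z0-9-]+\.amazonaws\.com\z/', $host)) {
        return null;
    }
    return $msg['SubscribeURL'];
}

// Constructed sample request bodies (not captured traffic).
$samples = [
    'regional https host' => '{"Type":"SubscriptionConfirmation","SubscribeURL":"https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription"}',
    'local file scheme'   => '{"Type":"SubscriptionConfirmation","SubscribeURL":"file:///path/to/local/file"}',
    'look-alike host'     => '{"Type":"SubscriptionConfirmation","SubscribeURL":"https://sns.us-east-1.amazonaws.com.example.net/"}',
    'wrong message type'  => '{"Type":"Notification","SubscribeURL":"https://sns.us-east-1.amazonaws.com/"}',
];
foreach ($samples as $label => $body) {
    printf("%-20s %s\n", $label, safe_subscribe_url($body) === null ? 'rejected' : 'accepted');
}
```

Only the first sample is accepted. The HTTP client that then fetches the URL should also be configured not to follow redirects, so the checks cannot be bypassed after validation.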

Exploit

Fix

Related Identifiers

CVE-2019-6715

Affected Products

W3 Total Cache