[rwth-security] Wordpress - Media Library Assistant <= 3.09 - Unauthenticated

6 Sep 2023


      Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] FYI
"Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution"
"... makes it possible for unauthenticated attackers to supply files via FTP that will
     make directory lists, local file inclusion, and remote code execution possible. ..."
--> siehe auch [1]
--> PoC auf [2]
VG
Bernd
[0]
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/med...
[1]
https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
[2]
https://github.com/Patrowl/CVE-2023-4634
-- 

Bernd Kohler

IT Center
Abteilung: Netze
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
https://www.itc.rwth-aachen.de

Social Media Kanäle des IT Centers:
https://blog.rwth-aachen.de/itc/
https://www.facebook.com/itcenterrwth
https://www.linkedin.com/company/itcenterrwth
https://twitter.com/ITCenterRWTH
https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2024

2023

2022

2021

2020

2019

2018

[rwth-security] Wordpress - Media Library Assistant <= 3.09 - Unauthenticated