Vulnerability Details : CVE-2023-4634
Public exploit exists!
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on the file paths supplied to the 'mla_stream_file' parameter in the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that make directory listing, local file inclusion, and remote code execution possible.
Vulnerability category: File inclusion; Execute code
Products affected by CVE-2023-4634
- cpe:2.3:a:davidlingren:media_library_assistant:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4634
Probability of exploitation activity in the next 30 days: 3.20%
Percentile (the proportion of vulnerabilities scored at or below this one): ~91%
CVSS scores for CVE-2023-4634
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | Wordfence | 
CWE ids for CVE-2023-4634
- The product allows user input to control or influence paths or file names that are used in filesystem operations. Assigned by: security@wordfence.com (Primary)
References for CVE-2023-4634
- https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ (Blog: CVE-2023-4634 - Tricky Unauthenticated RCE on Wordpress Media Library Assistant Plugin using a good old Imagick) - Exploit; Third Party Advisory
- https://github.com/Patrowl/CVE-2023-4634/ (GitHub - Patrowl/CVE-2023-4634) - Exploit; Third Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/05c68377-feb6-442d-a3a0-1fbc246c7cbf?source=cve (Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution) - Third Party Advisory
- https://packetstormsecurity.com/files/174508/wpmla309-lfiexec.tgz (WordPress Media Library Assistant 3.09 LFI / Remote Code Execution, Packet Storm) - Third Party Advisory; VDB Entry
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2955933%40media-library-assistant&new=2955933%40media-library-assistant&sfp_email=&sfph_mail=#file4 (Changeset 2955933 for media-library-assistant, WordPress Plugin Repository) - Patch