9.8

CVE-2023-5815

EPSS 43.25%
Veröffentlicht 22.11.2023 16:15:14
Zuletzt bearbeitet 21.11.2024 08:42:32
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion

The News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. This is due to function utilizing an unsafe extract() method to extract values from the POST variable and passing that input to the include() function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE.

Mögliche Gegenmaßnahme

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News: Update to version 3.4.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 8

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News

Version *-3.4.1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Infornweb ≫ News & Blog Designer Pack SwPlatformwordpress Version <= 3.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	43.25%	0.974

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@wordfence.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2984052%40blog-designer-pack&new=2984052%40blog-designer-pack&sfp_email=&sfph_mail=

Patch

https://wordpress.org/plugins/blog-designer-pack/

Product

https://www.leavesongs.com/PENETRATION/docker-php-include-getshell.html#0x06-pearcmdphp

Not Applicable

https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5815

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5815

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5815

EUVD