CVE-2023-4634

Roger Wilco Vulnerabilities 6 septembre 2023 Affichages : 98

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible. (CVSS:9.8) (EPSS:5.69%) (Last Update:2023-09-11 13:29:41)

WHAT ARE YOU LOOKING FOR?

Popular Tags

CVE-2023-4634

Follow us on

Most popular

AA19-122A: New Exploits for Unsecure SAP Systems

Vuln: Jenkins Credentials Binding Plugin CVE-2019-1010241 Information Disclosure Vulnerability

Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Bugtraq: Web Application Firewall bypass via Bluecoat device

Vuln: Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability

Vuln: KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability

Category

Popular Sections

About