CVE-2023-4634

Scores

EPSS

Score: 0.921 (high, 92.1%)

Percentile: 92.1%

CVSS

CVSS 3.x score: 9.8/10 (critical)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. The cause is insufficient control over the file path supplied in the ‘mla_stream_file’ parameter of the ~/includes/mla-stream-image.php file, where the supplied path is handed to Imagick() for image processing. Because the path is not restricted, an unauthenticated attacker can point it at files served over FTP, which makes directory listing, local file inclusion, and remote code execution possible.
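Two checks a practitioner would want from the description above, written here as an added example (this is not code from the page, from NVD, or from the plugin): a version test against the fixed release (NVD lists versionEndExcluding 3.10, so every release up to 3.09 is affected), and a log heuristic that flags requests to mla-stream-image.php whose mla_stream_file value carries a URL scheme such as ftp:// or a traversal sequence. It assumes the plugin is installed under the usual slug media-library-assistant and that its readme.txt exposes the installed version in a "Stable tag:" line, both standard WordPress conventions but assumptions here; the readme excerpt and the log lines are constructed samples.

```python
"""Version and log checks for CVE-2023-4634 (Media Library Assistant <= 3.09).

Added example, not the plugin's or the page's own code. Assumptions:
  - plugin slug is media-library-assistant (standard WordPress path below)
  - readme.txt carries the installed version in a "Stable tag:" line
"""
import re
import urllib.request
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

FIXED_VERSION = "3.10"  # NVD: versionEndExcluding 3.10
README_PATH = "/wp-content/plugins/media-library-assistant/readme.txt"  # assumed slug
TARGET_SCRIPT = "mla-stream-image.php"  # file named in the advisory
TARGET_PARAM = "mla_stream_file"        # parameter named in the advisory

# Constructed readme excerpt (not fetched from any real site).
SAMPLE_README = """=== Media Library Assistant ===
Contributors: dglingren
Requires at least: 3.5.0
Tested up to: 6.3
Stable tag: 3.09
"""

# Constructed access-log lines; the plugin path is assumed, the IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2023:10:00:00 +0000] "GET /wp-content/plugins/'
    'media-library-assistant/includes/mla-stream-image.php?mla_stream_file='
    'ftp%3A%2F%2F203.0.113.9%2Fimage.png HTTP/1.1" 200 1234',
    '198.51.100.2 - - [01/Sep/2023:10:00:01 +0000] "GET /wp-content/plugins/'
    'media-library-assistant/includes/mla-stream-image.php?mla_stream_file='
    'wp-content%2Fuploads%2F2023%2F08%2Fcat.jpg HTTP/1.1" 200 4567',
    '198.51.100.3 - - [01/Sep/2023:10:00:02 +0000] "GET /wp-content/plugins/'
    'media-library-assistant/includes/mla-stream-image.php?mla_stream_file='
    '..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 89',
]


def parse_version(text: str) -> Tuple[int, ...]:
    """'3.09' -> (3, 9). Numeric tuples avoid the lexical trap where the
    string '3.09' sorts after '3.10' although 3.09 is the older release."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)


def parse_stable_tag(readme: str) -> Optional[str]:
    """Pull the version out of a WordPress plugin readme's 'Stable tag:' line."""
    m = re.search(r"^Stable tag:\s*([\w.\-]+)", readme, re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable(version: str) -> bool:
    """True for every release below the fixed version, i.e. 3.09 and older."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def check_site(base_url: str, timeout: float = 10.0) -> Optional[bool]:
    """Fetch the readme over HTTP and return True/False, or None if undecidable
    (readme missing, no Stable tag, or a non-numeric tag such as 'trunk')."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + README_PATH, timeout=timeout) as resp:
            readme = resp.read().decode("utf-8", errors="replace")
        tag = parse_stable_tag(readme)
        return is_vulnerable(tag) if tag else None
    except (OSError, ValueError):
        return None


def suspicious_request(log_line: str) -> bool:
    """Heuristic: a request to mla-stream-image.php whose mla_stream_file
    value names a URL scheme (ftp://, http://, ...) or contains '..'."""
    m = re.search(r'"(?:GET|POST|HEAD) (\S+) ', log_line)
    if not m:
        return False
    target = urlsplit(m.group(1))
    if not target.path.endswith(TARGET_SCRIPT):
        return False
    for value in parse_qs(target.query).get(TARGET_PARAM, []):  # parse_qs percent-decodes
        if re.match(r"[a-z][a-z0-9+.\-]*://", value, re.IGNORECASE) or ".." in value:
            return True
    return False


def flag_log(lines: List[str]) -> List[int]:
    """Indices of log lines the heuristic flags."""
    return [i for i, line in enumerate(lines) if suspicious_request(line)]


if __name__ == "__main__":
    tag = parse_stable_tag(SAMPLE_README)
    print(f"sample Stable tag {tag}: vulnerable={is_vulnerable(tag)}")
    print(f"flagged sample log lines: {flag_log(SAMPLE_LOG)}")
```

The log heuristic is deliberately narrow: it keys on the script and parameter the advisory names and on a scheme prefix or traversal in the value, so ordinary image requests with a relative upload path pass. Treat a hit as a lead for triage, not proof of compromise, and pair it with the version check, since a patched site (3.10 or later) receiving the same requests is a scan, not an intrusion.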

Sources

nvd

Exploits

Exploit ID: 51737

Source: exploitdb

URL: https://www.exploit-db.com/exploits/51737

Exploit ID: CVE-2023-4634

Source: github-poc

URL: https://github.com/Evillm/CVE-2023-4634-PoC

Vulnerable Software (1)

Type: Configuration

Vendor: *

Product: media_library_assistant

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:davidlingren:media_library_assistant:*:*:*:*:*:wordpress:*:*",      "versionEndExcluding": "3.10",      "vulnerable": true    }  ],  "operato...

Source: nvd
