CVE-2024-6451

2024-08-19 06:15:05
WPScan
web.nvd.nist.gov

Tags: ai engine, remote-code-execution, log poisoning, wordpress plugin, file extension validation, administrators

CVSS3: 7.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.4
Confidence: High

EPSS: 0
Percentile: 9.5%

AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of “logs_path”, allowing Administrators to change log filetypes from .log to .php.

Affected configurations

Node: meowapps ai_engine, Range <2.5.1, wordpress

Vendor: meowapps
Product: ai_engine
Version: *
CPE: cpe:2.3:a:meowapps:ai_engine:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "AI Engine",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.5.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
