7 matches found
Wordpress Media Library Assistant Plugin - Remote Code Execution / Local File Inclusion Exploit
Exploit Title: Media Library Assistant Wordpress Plugin - RCE and LFI CVE: CVE-2023-4634 Exploit Author: Florent MONTEL / Patrowl.io / @Pepitoh / Twitter @Pepitooh Exploitation path: https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ Exploit:...
Media Library Assistant Wordpress Plugin - RCE and LFI
Exploit Title: Media Library Assistant Wordpress Plugin - RCE and LFI Date: 2023/09/05 CVE: CVE-2023-4634 Exploit Author: Florent MONTEL / Patrowl.io / @Pepitoh / Twitter @Pepitooh Exploitation path: https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ Exploit:...
Media Library Assistant < 3.10 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution
Description The plugin is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file, where images are processe...
CVE-2023-4634 Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file,...
WordPress Media Library Assistant Plugin <= 3.09 is vulnerable to Remote Code Execution (RCE)
Software Media Library Assistant Type Plugin Vulnerable versions = 3.09 Fixed in 3.10 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4634 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a9f84b644a17 Credits Pepitoh Required privilege...
CVE-2023-4634
creationtimestamp| type| source ---|---|--- 2023-09-05 11:57:15+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5085 2023-09-06 09:31:08+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/7744 2023-09-06 12:17:47+00:00| seen| https://t.me/cibsecurity/69963 2023-09-07...
Exploit for CVE-2023-4634
CVE-2023-4634 RCE Exploit for Wordpress Plugin Media-Library P...