Lucene search
K

7 matches found

Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.441 views

Media Library Assistant Wordpress Plugin - RCE and LFI

Exploit Title: Media Library Assistant Wordpress Plugin - RCE and LFI Date: 2023/09/05 CVE: CVE-2023-4634 Exploit Author: Florent MONTEL / Patrowl.io / @Pepitoh / Twitter @Pepitooh Exploitation path: https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ Exploit:...

9.8CVSS9.8AI score0.82585EPSS
Exploits6
0day.today
0day.today
added 2023/10/09 12:0 a.m.201 views

Wordpress Media Library Assistant Plugin - Remote Code Execution / Local File Inclusion Exploit

Exploit Title: Media Library Assistant Wordpress Plugin - RCE and LFI CVE: CVE-2023-4634 Exploit Author: Florent MONTEL / Patrowl.io / @Pepitoh / Twitter @Pepitooh Exploitation path: https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ Exploit:...

9.8CVSS9.6AI score0.82585EPSS
Exploits6
wpexploit
wpexploit
added 2023/09/07 12:0 a.m.168 views

Media Library Assistant < 3.10 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution

Description The plugin is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file, where images are processe...

9.8CVSS9.9AI score0.82585EPSS
Exploits6References3
Vulnrichment
Vulnrichment
added 2023/09/06 8:27 a.m.14 views

CVE-2023-4634 Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file,...

9.8CVSS7.8AI score0.82585EPSS
Exploits6References5
Patchstack
Patchstack
added 2023/09/06 12:0 a.m.27 views

WordPress Media Library Assistant Plugin <= 3.09 is vulnerable to Remote Code Execution (RCE)

Software Media Library Assistant Type Plugin Vulnerable versions = 3.09 Fixed in 3.10 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4634 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a9f84b644a17 Credits Pepitoh Required privilege...

9.8CVSS7.5AI score0.82585EPSS
Exploits6References4Affected Software1
Circl
Circl
added 2023/09/05 11:57 a.m.240 views

CVE-2023-4634

creationtimestamp| type| source ---|---|--- 2023-09-05 11:57:15+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5085 2023-09-06 09:31:08+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/7744 2023-09-06 12:17:47+00:00| seen| https://t.me/cibsecurity/69963 2023-09-07...

9.8CVSS7AI score0.82585EPSS
In wildExploits6References15
GithubExploit
GithubExploit
added 2023/09/05 7:44 a.m.698 views

Exploit for CVE-2023-4634

CVE-2023-4634 RCE Exploit for Wordpress Plugin Media-Library P...

9.8CVSS9.6AI score0.82585EPSS
Exploits6
Rows per page
Query Builder