CVE-2024-50457
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') (CWE-98)
Published: Oct 28, 2024 / Updated: 22d ago
010
CVSS 7.5EPSS 0.04%High
CVE info copied to clipboard
: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Timeline
CVE Assignment
NVD published the first details for CVE-2024-50457
Oct 28, 2024 at 8:15 PM
CVSS
A CVSS base score of 7.5 has been assigned.
Oct 28, 2024 at 8:15 PM / nvd
First Article
Feedly found the first article mentioning CVE-2024-50457. See article
Oct 28, 2024 at 8:15 PM / National Vulnerability Database
CVSS Estimate
Feedly estimated the CVSS score as HIGH
Oct 28, 2024 at 8:15 PM
EPSS
EPSS Score was set to: 0.04% (Percentile: 9.9%)
Oct 29, 2024 at 9:43 AM
Affected Systems
Qodeinteractive/qode_essential_addons
+null more
Attack Patterns
CAPEC-193: PHP Remote File Inclusion
+null more
News
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week: WordPress Plugins with Reported Vulnerabilities Last Week
CVE Alert: CVE-2024-50457 - https://www.redpacketsecurity.com/cve_alert_cve-2024-50457/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_50457
CVE Alert: CVE-2024-50457 - redpacketsecurity.com/cve_al… #OSINT #ThreatIntel #CyberSecurity #cve_2024_50457
CVE Alert: CVE-2024-50457
Everyone that supports the site helps enable new functionality. Affected Endpoints:
CVE-2024-50457 | Qode Interactive Qode Essential Addons Plugin up to 1.6.3 on WordPress filename control
A vulnerability was found in Qode Interactive Qode Essential Addons Plugin up to 1.6.3 on WordPress. It has been declared as problematic . This vulnerability affects unknown code. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability was named CVE-2024-50457 . The attack can be initiated remotely. There is no exploit available.
CVE-2024-50457
High Severity Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3. Read more at https://www.tenable.com/cve/CVE-2024-50457
See 5 more articles and social media posts