CVE-2024-52386

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') (CWE-98)

Published: Nov 16, 2024 / Updated: 3d ago

CVSS 5.3 | EPSS 0.04% | Medium

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 3.1.15.1.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-52386

Nov 16, 2024 at 10:15 PM

CVSS

A CVSS base score of 5.3 has been assigned.

Nov 16, 2024 at 10:20 PM / nvd

First Article

Feedly found the first article mentioning CVE-2024-52386.

Nov 16, 2024 at 10:21 PM / National Vulnerability Database

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.2%)

Nov 17, 2024 at 9:46 AM

Affected Systems

Radiustheme/classified_listing

Attack Patterns

CAPEC-193: PHP Remote File Inclusion

News

CVE Alert: CVE-2024-52386
Affected Endpoints: Everyone that supports the site helps enable new functionality.

CVE-2024-52386
Medium Severity Description Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 3.1.15.1. Read more at https://www.tenable.com/cve/CVE-2024-52386

CVE-2024-52386 | RadiusTheme Classified Listing Plugin up to 3.1.15.1 on WordPress filename control
A vulnerability was found in RadiusTheme Classified Listing Plugin up to 3.1.15.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is traded as CVE-2024-52386. It is possible to launch the attack remotely. There is no exploit available.

NA - CVE-2024-52386 - Improper Control of Filename for...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing...

WordPress Classified Listing plugin <= 3.1.15.1 - Local File Inclusion vulnerability
Business Directory Team By Radiustheme - MEDIUM - CVE-2024-52386 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 3.1.15.1.

CVSS V3.1

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
