FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-8252

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') (CWE-98)

Published: Aug 30, 2024 / Updated: 2mo ago

010
CVSS 8.8EPSS 0.05%High
CVE info copied to clipboard

Summary

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in versions up to and including 1.14.5. The vulnerability is exploitable through the 'template' attribute of the clean-login-register shortcode. This allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server, potentially leading to the execution of any PHP code within those files.

Impact

This vulnerability has a high severity with a CVSS v3.1 base score of 8.8. The potential impacts are severe: 1. Bypass of access controls: Attackers could gain unauthorized access to restricted areas of the WordPress site. 2. Data breach: Sensitive information could be exposed, potentially including user data, configuration files, or other confidential information stored on the server. 3. Code execution: In cases where "safe" file types like images can be uploaded and included, attackers might achieve arbitrary code execution on the server. 4. Site compromise: The vulnerability could lead to full compromise of the WordPress site, allowing attackers to deface the site, inject malicious code, or use the server for further attacks. 5. Lateral movement: If the WordPress installation is on a shared server, the attacker might be able to access other websites or services on the same server. The attack vector is network-based, requires low attack complexity, and only low privileges (Contributor-level access), making it relatively easy to exploit for authenticated users.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. The vulnerability has been fixed in version 1.14.6 of the Clean Login plugin. WordPress site administrators should update to this version or later as soon as possible.

Mitigation

1. Update the Clean Login plugin to version 1.14.6 or later immediately. 2. If immediate updating is not possible, consider temporarily disabling the Clean Login plugin until it can be updated. 3. Implement the principle of least privilege: review and restrict user roles and permissions, especially for Contributor-level accounts and above. 4. Enable and configure a Web Application Firewall (WAF) to help detect and block potential exploit attempts. 5. Regularly monitor WordPress and server logs for any suspicious activities, especially those related to file inclusions or unexpected PHP executions. 6. Ensure that file upload functionality is strictly controlled and that uploaded files are properly sanitized and stored in a location that cannot be directly executed by the web server. 7. Keep WordPress core, all themes, and other plugins up-to-date to minimize overall attack surface. 8. Implement regular and secure backups of the WordPress site to enable quick recovery in case of a successful exploit. 9. Consider using a security plugin that can monitor for file changes and unexpected behaviors on your WordPress site.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-8252. See article

Aug 30, 2024 at 9:38 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 30, 2024 at 9:40 AM
CVE Assignment

NVD published the first details for CVE-2024-8252

Aug 30, 2024 at 10:15 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Aug 30, 2024 at 10:20 AM / nvd
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.3%)

Aug 31, 2024 at 9:49 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (152180)

Sep 10, 2024 at 7:53 AM
Static CVE Timeline Graph

Affected Systems

Codection/clean_login
+null more

Patches

plugins.trac.wordpress.org
+null more

Links to Mitre Att&cks

T1055: Process Injection
+null more

Attack Patterns

CAPEC-193: PHP Remote File Inclusion
+null more

News

Web Application Detections Published in September 2024
Qualys Notifications / 50d
In September, Qualys released QIDs targeting vulnerabilities in several widely-used software products, including WordPress, Tiki Wiki CMS, Apache HTTP Server, XWiki, Apache OFBiz, Lunary-ai, GitLab, Adobe ColdFusion, Moodle CMS, Zimbra, JBoss EAP, Kibana, Drupal, Ivanti Endpoint Manager (EPM), Apache Tomcat, Joomla!, Nginx, Open Secure Sockets Layer (OpenSSL). Customers can get more details about the following QIDs in our knowledge base. Customers should review their reports for these detections. If any of the following are reported against their applications scanned, customers should follow the steps mentioned in the solution to ensure their systems are protected against the identified vulnerabilities. QID Title 152148 WordPress WPML Plugin: Remote Code Execution Vulnerability (CVE-2024-6386) 152150 WordPress Bit Form Plugin: SQL Injection Vulnerability (CVE-2024-7702) 152151 WordPress Bit Form Plugin: Arbitrary File Read And Delete Vulnerability (CVE-2024-7777) 152157 WordPress LiquidPoll Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-7134) 152158 WordPress GEO my WP Plugin: Local File Inclusion Vulnerability (CVE-2024-6330) 152159 WordPress AI Engine Plugin:
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)
WordPress Security Archives - Wordfence / 2mo
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. Last week, there were 145 vulnerabilities disclosed in 100 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Security last week.
US-CERT Vulnerability Summary for the Week of August 26, 2024
RedPacket Security / 2mo
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High : vulnerabilities with a CVSS base score of 7.0–10.0 Medium : vulnerabilities with a CVSS base score of 4.0–6.9 Low : vulnerabilities with a CVSS base score of 0.0–3.9 Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links.
Vulnerability Summary for the Week of August 26, 2024
Cybersecurity and Infrastructure Security Agency CISA / 2mo
Vulnerability Summary for the Week of August 26, 2024 bjackson Sep 03, 2024 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info Adobe--Acrobat Reader Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-08-26 7.8 CVE-2024-41879 psirt@adobe.com aertherwide -- exiftags Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function. 2024-08-27 7.8 CVE-2024-42851 cve@mitre.org angeljudesuarez -- tailoring_management_system A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file staffcatedit.php. The manipulation of the argument title leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-08-26 9.8 CVE-2024-8171 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com angeljudesuarez -- tailoring_management_system A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical.
Update Sun Sep 1 14:36:31 UTC 2024
Recent Commits to cve:main / 2mo
Update Sun Sep 1 14:36:31 UTC 2024
See 10 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 8.8(18246)CWE-98(62)CWE-829(143)Codection(22)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial