CVE-2024-8624

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

Published: Sep 24, 2024 / Updated: 57d ago

CVSS 9.9 / EPSS 0.05% / Critical

Summary

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3. The root cause is insufficient escaping of the user-supplied attribute value combined with a query that is built by string concatenation rather than prepared with bound parameters. Because shortcodes are processed from post content, any authenticated user with Contributor-level access or above (the lowest role that can author posts) can place the shortcode in content they control and append additional SQL to the existing query.
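To make the defect class concrete, here is an added illustration, not the MDTF plugin's code and not an exploit for it: a hypothetical shortcode handler that splices the 'meta_key' attribute into a $wpdb query, alongside a hardened version that allow-lists the key shape and binds the value with $wpdb->prepare(). Only the shortcode name and attribute come from the advisory; the postmeta query, the function names and the demo_ shortcode tag are assumptions made for this example.

```php
<?php
// Added illustration of CWE-89 in a WordPress shortcode handler.
// NOT the MDTF plugin's code: the postmeta query, the function names and
// the demo_ shortcode tag are assumptions made for this example. Only the
// shortcode name 'mdf_select_title' and the 'meta_key' attribute come from
// the advisory.

// VULNERABLE pattern: the attribute value is spliced into the SQL string.
// A Contributor who saves a post containing
//   [mdf_select_title meta_key="x' UNION SELECT user_pass FROM wp_users -- "]
// closes the string literal with the quote and appends their own query,
// which runs with the site's database credentials when the post renders.
function demo_vuln_mdf_select_title( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'meta_key' => '' ), $atts, 'mdf_select_title' );

    $sql  = "SELECT DISTINCT meta_value FROM {$wpdb->postmeta} "
          . "WHERE meta_key = '" . $atts['meta_key'] . "'";   // injection point
    $rows = $wpdb->get_col( $sql );

    return esc_html( implode( ', ', (array) $rows ) );
}

// HARDENED pattern: reject anything that is not an identifier, then bind
// the value with $wpdb->prepare() so wpdb escapes and quotes it and a
// quote inside the attribute can never terminate the literal.
function demo_safe_mdf_select_title( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'meta_key' => '' ), $atts, 'mdf_select_title' );

    $key = (string) $atts['meta_key'];
    if ( ! preg_match( '/^[A-Za-z0-9_-]{1,255}$/', $key ) ) {
        return '';   // refuse outright rather than trying to "clean" the value
    }

    $sql  = $wpdb->prepare(
        "SELECT DISTINCT meta_value FROM {$wpdb->postmeta} WHERE meta_key = %s",
        $key
    );
    $rows = $wpdb->get_col( $sql );

    return esc_html( implode( ', ', (array) $rows ) );
}

// Registered under a demo_ tag so it never collides with the real plugin.
add_shortcode( 'demo_mdf_select_title', 'demo_safe_mdf_select_title' );
```

Two points worth keeping in mind when reviewing similar handlers: shortcode_atts() only fills in defaults, it does not sanitise anything; and esc_sql() on its own is weaker than prepare() because it relies on the caller getting the surrounding quoting right. Table and column names cannot be bound with prepare(), which is why the hardened version keeps the identifier allow-list even though the value is bound.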

Impact

An authenticated attacker holding a Contributor account or higher can place the shortcode, with a crafted 'meta_key' attribute, in content they control and have the injected SQL executed with the site's database credentials when that content is rendered. That allows reading, modifying or deleting data anywhere in the WordPress database, not only the plugin's own tables, which is what the CVSS vector's Scope:Changed and High ratings for confidentiality, integrity and availability reflect. Extracted data can include user records and password hashes from wp_users, giving a path to further privilege escalation within the installation.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the time of writing.

Patch

No fixed version number is stated on this page; the Patches entry below points to plugins.trac.wordpress.org, the plugin's public SVN history, where the fixing changeset and changelog can be checked. The vulnerability affects all versions of the MDTF – Meta Data and Taxonomies Filter plugin for WordPress up to and including 1.3.3.3, so any release later than 1.3.3.3 should be verified against that changelog before being treated as fixed. Until a fixed release is installed, apply the mitigations below.

Mitigation

1. Temporarily deactivate the MDTF – Meta Data and Taxonomies Filter plugin if it is not critical for operations. Deactivating it unregisters the shortcode handler, so a stored [mdf_select_title ...] tag renders as literal text instead of running a query.
2. Limit the number of accounts with Contributor-level access or higher. Contributor is the lowest role that can create posts, so Author and Editor accounts are in scope as well; review their drafts, pending posts and revisions for the 'mdf_select_title' shortcode with a 'meta_key' value that is not a plain identifier.
3. Use Web Application Firewall (WAF) rules to detect and block SQL injection attempts, with the caveat that the payload is submitted when the post is saved and only executed when the post renders, so rules must inspect the requests that save post content, not only page views. Pattern-based SQLi rules are a stopgap that can be bypassed; they do not replace the fix.
4. Regularly audit and monitor database activity for queries that page rendering should never produce, such as UNION SELECT, information_schema lookups or reads of wp_users triggered by front-end requests.
5. Keep WordPress core, themes, and other plugins up to date to minimise overall exposure.
6. Upgrade to a version newer than 1.3.3.3 as soon as one is available, confirming in the plugin's changelog or the developer's security announcements that it addresses this issue.
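A complementary check to the mitigations above, as an added stand-alone PHP helper that is not from the plugin or vendor: it scans post content for 'mdf_select_title' shortcodes whose 'meta_key' value is not a plain identifier and reports each one. The sample content is constructed for the example; on a live site the input would be post_content from wp_posts (drafts, pending posts and revisions included) for accounts below Administrator. Inside WordPress you could use shortcode_parse_atts() instead of the hand-rolled attribute regex; the regex is used here so the script runs without WordPress.

```php
<?php
// Added audit helper (not from the plugin or vendor). Scans stored post
// content for [mdf_select_title ...] shortcodes whose meta_key value is
// not a plain identifier, which is what an injection attempt looks like
// once a Contributor has saved it into a draft or pending post.

/**
 * Return one finding per suspicious shortcode: the character offset, the
 * raw tag and the meta_key value that failed the identifier check.
 */
function mdtf_audit_find_suspicious_shortcodes( string $content ): array {
    $findings = [];

    // Match every [mdf_select_title ...] tag; attributes are parsed below.
    if ( ! preg_match_all( '/\[mdf_select_title\b([^\]]*)\]/i', $content, $tags, PREG_OFFSET_CAPTURE ) ) {
        return $findings;
    }

    foreach ( $tags[0] as $i => $tag ) {
        $attr_text = $tags[1][ $i ][0];

        // Pull meta_key="...", meta_key='...' or bare meta_key=value.
        if ( ! preg_match( '/\bmeta_key\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s\]]+))/i', $attr_text, $m ) ) {
            continue;   // shortcode without a meta_key attribute
        }
        // Exactly one alternative matched, so concatenating yields that one.
        $value = $m[1] . ( $m[2] ?? '' ) . ( $m[3] ?? '' );

        // Legitimate meta keys are identifiers. Anything else (quotes,
        // spaces, comment markers, SQL keywords) deserves a human look.
        if ( preg_match( '/^[A-Za-z0-9_-]{1,255}$/', $value ) ) {
            continue;
        }

        $findings[] = [
            'offset'   => $tag[1],
            'tag'      => $tag[0],
            'meta_key' => $value,
        ];
    }
    return $findings;
}

// Constructed sample: two benign tags and one injection attempt.
$sample = '[mdf_select_title meta_key="price"] some text '
        . "[mdf_select_title meta_key='color' title='Colour'] "
        . '[mdf_select_title meta_key="x\' UNION SELECT user_pass FROM wp_users -- "]';

foreach ( mdtf_audit_find_suspicious_shortcodes( $sample ) as $f ) {
    printf( "offset %d: suspicious meta_key %s\n", $f['offset'], $f['meta_key'] );
}
```

Only the third tag is reported. The identifier check is deliberately an allow-list rather than a search for SQL keywords: a keyword blocklist misses encodings and comment tricks, whereas a value that is not [A-Za-z0-9_-] has no legitimate reason to be in a meta key at all.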

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-8624.

Sep 24, 2024 at 2:50 AM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 24, 2024 at 2:50 AM
CVE Assignment

NVD published the first details for CVE-2024-8624

Sep 24, 2024 at 3:15 AM
CVSS

A CVSS base score of 9.9 has been assigned.

Sep 24, 2024 at 3:15 AM / nvd
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (152232)

Sep 24, 2024 at 7:53 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 20%)

Sep 24, 2024 at 9:33 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (152237)

Sep 25, 2024 at 7:53 AM
Threat Intelligence Report

CVE-2024-8624 is a critical SQL Injection vulnerability with a CVSS score of 9.1 affecting the MDTF – Meta Data and Taxonomies Filter plugin for WordPress, present in all versions up to 1.3.3.3. This vulnerability allows authenticated attackers with Contributor-level access to extract sensitive information from the database. The summary does not provide information on exploitation in the wild, proof-of-concept exploits, mitigations, detections, patches, or downstream impacts.

Sep 27, 2024 at 5:36 AM

Affected Systems

Pluginus/wordpress_meta_data_and_taxonomies_filter

Patches

plugins.trac.wordpress.org

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

References

@RISK: The Consensus Security Vulnerability Alert: Vol. 24, Num. 38 - SANS Institute
Product: Apache HugeGraph-Server CVSS Score: 0 ** KEV since 2024-09-18 ** NVD: ISC Podcast: CVE-2024-7120 - Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 are vulnerable to critical os command injection via manipulation of the argument template in the Web Interface component's list_base_config.php file, allowing for remote attacks with publicly disclosed exploit potential (VDB-272451). Product: Ivanti Endpoint Manager Cloud Services Appliance CVSS Score: 9.1 ** KEV since 2024-09-19 ** NVD: ISC Podcast: NVD References: CVE-2024-9043 - Cellopoint's Secure Email Gateway is vulnerable to buffer overflow in authentication allowing remote attackers to crash the process and gain admin privileges.

News

Vulnerability Summary for the Week of September 23, 2024
High Vulnerabilities (Primary Vendor – Product: Description. Published; CVSS Score; CVE; Source Info)
Dover Fueling Solutions (DFS) – ProGauge MAGLINK LX CONSOLE: A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. 2024-09-25; 10; CVE-2024-43693; ics-cert@hq.dhs.gov
Dover Fueling Solutions (DFS) – ProGauge MAGLINK LX CONSOLE: A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. 2024-09-25; 10; CVE-2024-45066; ics-cert@hq.dhs.gov
webdevmattcrom – GiveWP Donation Plugin and Fundraising Platform: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932; however, it was discovered that the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2. 2024-09-28; 10; CVE-2024-8353; security@wordfence.com
Scriptcase – Scriptcase: Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input. 2024-09-25; 10; CVE-2024-8940; cve-coordination@incibe.es
n/a – n/a: File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
Web Application Detections Published in September 2024
In September, Qualys released QIDs targeting vulnerabilities in several widely used software products, including WordPress, Tiki Wiki CMS, Apache HTTP Server, XWiki, Apache OFBiz, Lunary-ai, GitLab, Adobe ColdFusion, Moodle CMS, Zimbra, JBoss EAP, Kibana, Drupal, Ivanti Endpoint Manager (EPM), Apache Tomcat, Joomla!, Nginx, and OpenSSL. Customers can get more details about the following QIDs in the Qualys knowledge base and should review their reports for these detections; if any are reported against scanned applications, follow the steps in the solution to ensure the systems are protected.
QID / Title
152148 WordPress WPML Plugin: Remote Code Execution Vulnerability (CVE-2024-6386)
152150 WordPress Bit Form Plugin: SQL Injection Vulnerability (CVE-2024-7702)
152151 WordPress Bit Form Plugin: Arbitrary File Read And Delete Vulnerability (CVE-2024-7777)
152157 WordPress LiquidPoll Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-7134)
152158 WordPress GEO my WP Plugin: Local File Inclusion Vulnerability (CVE-2024-6330)
152159 WordPress AI Engine Plugin:
CVE Alert: CVE-2024-8624 - https://www.redpacketsecurity.com/cve_alert_cve-2024-8624/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_8624

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
