CVE-2024-8671

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Sep 24, 2024 / Updated: 57d ago

010
CVSS 9.1EPSS 0.04%Critical
CVE info copied to clipboard

Summary

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in versions up to and including 4.1.2. This vulnerability allows unauthenticated attackers to overwrite arbitrary files on the server.

Impact

This vulnerability can easily lead to remote code execution when critical files are overwritten. For example, if an attacker overwrites the wp-config.php file, they could potentially gain full control of the WordPress site. The impact is severe, with a CVSS v3.1 base score of 9.1 (HIGH). The vulnerability affects the integrity and availability of the system, with both rated as HIGH impact. However, there is no direct impact on confidentiality.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is not explicitly mentioned in the provided information. However, since the vulnerability affects versions up to and including 4.1.2 of the WooEvents plugin, it is likely that an update addressing this issue will be or has been released. Users should check for and apply the latest version of the plugin as soon as it becomes available.

Mitigation

1. Update the WooEvents plugin to a version newer than 4.1.2 as soon as a patched version is available. 2. If an update is not immediately available, consider temporarily disabling the WooEvents plugin until a patch is released. 3. Implement strong input validation and sanitization for all user inputs, especially those related to file paths. 4. Use Web Application Firewalls (WAF) to help detect and block potential path traversal attempts. 5. Regularly audit and monitor file integrity, especially for critical WordPress files like wp-config.php. 6. Implement the principle of least privilege for file system permissions on the web server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-8671. See article

Sep 24, 2024 at 3:14 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 24, 2024 at 3:14 AM
CVE Assignment

NVD published the first details for CVE-2024-8671

Sep 24, 2024 at 3:15 AM
CVSS

A CVSS base score of 9.1 has been assigned.

Sep 24, 2024 at 3:15 AM / nvd
EPSS

EPSS Score was set to: 0.04% (Percentile: 11.1%)

Sep 24, 2024 at 9:33 AM
Threat Intelligence Report

CVE-2024-8671 is a critical vulnerability in the WooEvents - Calendar and Event Booking plugin for WordPress, with a CVSS score of 9.9, allowing unauthenticated attackers to perform arbitrary file overwrite and execute remote code. The details provided do not specify whether the vulnerability is actively exploited in the wild, nor do they mention the availability of proof-of-concept exploits, mitigations, detections, or patches. Additionally, there is no information regarding potential downstream impacts on other third-party vendors or technologies. See article

Sep 27, 2024 at 5:36 AM
Static CVE Timeline Graph

Affected Systems

Exthemes/wooevents
+null more

Attack Patterns

CAPEC-126: Path Traversal
+null more

References

@RISK: The Consensus Security Vulnerability Alert: Vol. 24, Num. 38 - SANS Institute
Product: Apache HugeGraph-Server CVSS Score: 0 ** KEV since 2024-09-18 ** NVD: ISC Podcast: CVE-2024-7120 - Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 are vulnerable to critical os command injection via manipulation of the argument template in the Web Interface component's list_base_config.php file, allowing for remote attacks with publicly disclosed exploit potential (VDB-272451). Product: Ivanti Endpoint Manager Cloud Services Appliance CVSS Score: 9.1 ** KEV since 2024-09-19 ** NVD: ISC Podcast: NVD References: CVE-2024-9043 - Cellopoint's Secure Email Gateway is vulnerable to buffer overflow in authentication allowing remote attackers to crash the process and gain admin privileges.

News

Update Sun Nov 3 14:28:56 UTC 2024
Update Sun Nov 3 14:28:56 UTC 2024
Vulnerability Summary for the Week of September 23, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source Info Patch Info Dover Fueling Solutions (DFS)–ProGauge MAGLINK LX CONSOLE A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. 2024-09-25 10 CVE-2024-43693 ics-cert@hq.dhs.gov Dover Fueling Solutions (DFS)–ProGauge MAGLINK LX CONSOLE A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. 2024-09-25 10 CVE-2024-45066 ics-cert@hq.dhs.gov webdevmattcrom–GiveWP Donation Plugin and Fundraising Platform The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like ‘give_title’ and ‘card_address’. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932, however, it was discovered the the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2. 2024-09-28 10 CVE-2024-8353 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com Scriptcase–Scriptcase Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input. 2024-09-25 10 CVE-2024-8940 cve-coordination@incibe.es n/a–n/a File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
Vulnerability Summary for the Week of September 23, 2024
High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source Info Patch Info Dover Fueling Solutions (DFS)--ProGauge MAGLINK LX CONSOLE A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. 2024-09-25 10 CVE-2024-43693 ics-cert@hq.dhs.gov Dover Fueling Solutions (DFS)--ProGauge MAGLINK LX CONSOLE A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. 2024-09-25 10 CVE-2024-45066 ics-cert@hq.dhs.gov webdevmattcrom--GiveWP Donation Plugin and Fundraising Platform The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932, however, it was discovered the the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2. 2024-09-28 10 CVE-2024-8353 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com Scriptcase--Scriptcase Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input. 2024-09-25 10 CVE-2024-8940 cve-coordination@incibe.es n/a--n/a File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
@RISK: The Consensus Security Vulnerability Alert: Vol. 24, Num. 38 - SANS Institute
Product: Apache HugeGraph-Server CVSS Score: 0 ** KEV since 2024-09-18 ** NVD: ISC Podcast: CVE-2024-7120 - Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 are vulnerable to critical os command injection via manipulation of the argument template in the Web Interface component's list_base_config.php file, allowing for remote attacks with publicly disclosed exploit potential (VDB-272451). Product: Ivanti Endpoint Manager Cloud Services Appliance CVSS Score: 9.1 ** KEV since 2024-09-19 ** NVD: ISC Podcast: NVD References: CVE-2024-9043 - Cellopoint's Secure Email Gateway is vulnerable to buffer overflow in authentication allowing remote attackers to crash the process and gain admin privileges.
CVE Alert: CVE-2024-8671 - https://www.redpacketsecurity.com/cve_alert_cve-2024-8671/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_8671
CVE Alert: CVE-2024-8671 - redpacketsecurity.com/cve_al… #OSINT #ThreatIntel #CyberSecurity #cve_2024_8671
See 9 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI