CVE-2024-9047

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Oct 12, 2024 / Updated: 38d ago

CVSS 9.8 / EPSS 0.09% / Critical

Summary

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This vulnerability allows unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.

Impact

This vulnerability has a high severity with a CVSS v3.1 base score of 9.8. It allows unauthenticated attackers to read or delete files outside the intended directory, potentially leading to unauthorized access to sensitive information, data theft, or system disruption. The attack vector is network-based, requires low complexity, and needs no user interaction, making it relatively easy to exploit. The impact on confidentiality, integrity, and availability is high, indicating that successful attacks could result in a complete compromise of the affected system's data and functionality.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is not explicitly mentioned in the provided information. However, since the vulnerability affects "all versions up to, and including, 4.24.11" of the WordPress File Upload plugin, it is likely that a patched version higher than 4.24.11 is available or will be released soon.

Mitigation

1. Update the WordPress File Upload plugin to a version higher than 4.24.11 as soon as a patched version becomes available.
2. If updating is not immediately possible, consider temporarily disabling the WordPress File Upload plugin until a patch is applied.
3. Upgrade PHP to a version higher than 7.4, as the vulnerability requires PHP 7.4 or earlier for successful exploitation.
4. Implement strict input validation and sanitization for all user-supplied data, especially in file handling functions.
5. Apply the principle of least privilege to WordPress user roles and file system permissions.
6. Regularly monitor and audit file access logs for any suspicious activities.
7. Implement a Web Application Firewall (WAF) to help detect and block potential path traversal attacks.
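As an added illustration of mitigation item 4, here is a PHP path-containment check of the kind a file download handler needs before it reads or deletes a user-named file. This is example code written for this page, not code from the WordPress File Upload plugin or from wfu_file_downloader.php; the function name, the temporary directory layout and the sample file names are assumptions constructed for the demonstration, and the page does not state the plugin's actual root cause.

```php
<?php
// Added example (not the plugin's own code): confine a user-supplied file
// name to one base directory before reading or deleting it. The function
// name, directory tree and sample inputs below are constructed for the demo.

declare(strict_types=1);

/**
 * Resolve $requested relative to $baseDir and return the canonical absolute
 * path of an existing regular file inside $baseDir, or null if the input is
 * unsafe or the resolved path would escape the base directory.
 */
function wfu_example_safe_path(string $baseDir, string $requested): ?string
{
    // Reject embedded NUL bytes up front. PHP <= 7.4 filesystem functions
    // return false/NULL with a warning for such paths; PHP 8 throws ValueError.
    if (strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null; // base directory must exist and be canonical
    }

    // Canonicalise the candidate: realpath() resolves "..", "." and symlinks.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null; // missing, invalid, or not a regular file
    }

    // Containment check: the canonical path must start with the base directory
    // plus a separator (so "/srv/uploads" does not match "/srv/uploads-private").
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Self-contained demonstration against a temporary tree the script builds itself.
$tmp = sys_get_temp_dir() . '/wfu_example_' . bin2hex(random_bytes(4));
mkdir($tmp . '/uploads', 0700, true);
file_put_contents($tmp . '/uploads/report.pdf', 'sample');
file_put_contents($tmp . '/secret.txt', 'outside');

$cases = [
    'report.pdf',        // legitimate file inside uploads: accepted
    '../secret.txt',     // parent-directory escape: rejected
    "report.pdf\0.jpg",  // embedded NUL byte: rejected before any FS call
    'missing.pdf',       // nonexistent file: rejected
];
foreach ($cases as $c) {
    $r = wfu_example_safe_path($tmp . '/uploads', $c);
    printf("%-24s => %s\n", json_encode($c), $r === null ? 'REJECTED' : 'ok: ' . basename($r));
}

// Remove the constructed tree.
unlink($tmp . '/uploads/report.pdf');
unlink($tmp . '/secret.txt');
rmdir($tmp . '/uploads');
rmdir($tmp);
```

The check works the same way on PHP 7.4 and PHP 8 because it rejects NUL bytes and non-canonical results itself rather than relying on the filesystem functions' version-specific behaviour; the same function can guard both the read and the delete path of a downloader.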

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9047.

Oct 12, 2024 at 7:05 AM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 12, 2024 at 7:05 AM
CVE Assignment

NVD published the first details for CVE-2024-9047

Oct 12, 2024 at 7:15 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 12, 2024 at 7:15 AM / nvd
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 12, 2024 at 7:31 AM
EPSS

EPSS Score was set to: 0.09% (Percentile: 40%)

Oct 13, 2024 at 12:21 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (152303)

Oct 15, 2024 at 7:53 AM

Affected Systems

Iptanus/wordpress_file_upload

Attack Patterns

CAPEC-126: Path Traversal

News

Web Application Detections Published in October 2024
In October, Qualys released QIDs targeting vulnerabilities in several widely used software products, including WordPress, Zohocorp ManageEngine Endpoint, Lobe Chat, Ivanti Virtual Traffic Manager (vTM), Traefik, Nginx Proxy Manager, Harbor, Haproxy, SolarWinds Access Rights Manager (ARM), Cacti, Ivanti Endpoint Manager Mobile (EPMM), JetBrains TeamCity, Palo Alto Networks Expedition, Progress Telerik Report Server, Zimbra, Oracle WebLogic Server, Apache Solr, FlatPress CMS, pgAdmin, Grafana, pfSense, SolarWinds Web Help Desk, Ivanti Avalanche, ReCrystallize Server, Joomla!, and PHP. The QIDs released to detect the vulnerabilities in the frameworks above are listed below. Details about the following QIDs can be found in our knowledge base. Please review reports of the scanned applications for these detections and, if any are identified, follow the steps provided in the knowledge base to ensure applications are protected against the reported vulnerabilities.

QID / Title
152202 Zohocorp ManageEngine Endpoint Central Incorrect Authorization Vulnerability (CVE-2024-38868)
152206 WordPress Delicious Recipe Plugin: Arbitrary File Movement and Reading Vulnerability (CVE-2024-7626)
152207 WordPress Simple Spoiler Plugin: Arbitrary Shortcode Execution Vulnerability (CVE-2024-8479)
152209 WordPress PropertyHive Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-8490)
152210 WordPress Share This Image Plugin: Open Redirect Vulnerability (CVE-2024-8761)
152215 WordPress infolinks Ad Wrap Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-8044)
152216 WordPress Bit File Manager Plugin:
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 7, 2024 to October 13, 2024)
WordPress Plugins with Reported Vulnerabilities Last Week The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Update Sun Oct 13 14:25:38 UTC 2024
CVE Alert: CVE-2024-9047
Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.
CVE Alert: CVE-2024-9047 - https://www.redpacketsecurity.com/cve_alert_cve-2024-9047/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_9047

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
