CVE-2024-9575

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Oct 9, 2024 / Updated: 41d ago

CVSS 8.5 (High) / EPSS 0.04%

Summary

A Local File Inclusion (LFI) vulnerability, classified as path traversal (CWE-22), has been identified in the pretix Widget WordPress plugin (pretix-widget) when the plugin runs on a Windows host. It affects versions 1.0.0 through 1.0.5 of the plugin and allows PHP Local File Inclusion.

Impact

This vulnerability could allow an attacker to make the plugin include, and therefore execute as PHP, files that already exist on the affected host, potentially leading to unauthorized access, data theft, or system compromise. Because an included file is interpreted as PHP, inclusion of any local file whose content the attacker can influence (an upload, a log file) can escalate to code execution, and inclusion of configuration files such as wp-config.php discloses database credentials. The two published vectors differ on preconditions: the CVSS 4.0 vector rates the attack as network-based with low attack complexity, requiring high privileges and passive user interaction, whereas the CVSS 3.1 vector requires only low privileges and no user interaction. Both rate the confidentiality and integrity impact as high; CVSS 4.0 also rates availability impact as high with a lower subsequent impact on connected systems, while CVSS 3.1 rates availability impact as none.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

The current information does not name a fixed version. The affected range ends at 1.0.5 and one of the tracked articles recommends upgrading the affected component, so check the plugin's official channels for a release newer than 1.0.5 and apply it once available.

Mitigation

Until a patch is available, consider the following mitigation strategies:

1. Temporarily disable the pretix Widget WordPress plugin if it is not critical to operations.
2. Implement strong access controls to limit privileged access to the WordPress installation; both published vectors assume an authenticated attacker.
3. Monitor web server and PHP logs for file inclusion attempts: requests carrying `../` or `..\` segments, percent-encoded or double-encoded variants (`%2e%2e%2f`, `%2e%2e%5c`, `%252e`), or null bytes, and requests that reference files such as wp-config.php or win.ini.
4. Keep the WordPress core, all plugins, and themes updated to their latest versions.
5. Implement Web Application Firewall (WAF) rules to detect and block potential Local File Inclusion attempts, including Windows-style backslash traversal, since the advisory is specific to Windows hosts.
6. Restrict what PHP is allowed to include. The relevant PHP settings are `open_basedir` (confines file access, including `include`/`require`, to listed directories) and `allow_url_include=Off` (blocks remote inclusion, which is not this bug but closes the adjacent vector). Suhosin is unmaintained and not available for current PHP releases, so it should not be relied on.
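As an added illustration of mitigation steps 3 and 5 (not code from the advisory or from the pretix project), the following Python detector normalises request targets the way an attacker would expect a Windows PHP host to interpret them (percent-decoding until stable, folding backslashes into forward slashes) and then flags traversal indicators. The access-log lines, the `/wp-content/plugins/example-plugin/` path and the `file=`/`path=`/`page=` parameter names are all constructed for the example; the advisory does not name the vulnerable function or parameter.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Apache "combined" format; not from any real incident.
# Paths and parameter names are invented; the advisory does not identify the vulnerable entry point.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2024:12:00:01 +0000] "GET /wp-content/plugins/example-plugin/?file=../../../wp-config.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2024:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=x&path=..%5c..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 128 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2024:12:00:03 +0000] "GET /index.php?page=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2024:12:00:04 +0000] "GET /wp-content/plugins/example-plugin/assets/widget.js HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2024:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Only the client IP, request target and status code are needed from each line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Files an LFI attempt against a WordPress host typically aims at (Linux and Windows targets).
SENSITIVE_FILES = ("wp-config.php", "win.ini", "/etc/passwd", "boot.ini", "php.ini")


def normalise_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (catches %252e double encoding),
    then fold backslashes, raw or from %5c, into forward slashes so one check covers
    both Unix- and Windows-style separators."""
    decoded = target
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def traversal_reasons(target: str) -> list[str]:
    """Return the traversal indicators found in one request target, or [] if none.
    A sensitive file name alone is not enough; a structural indicator must be present."""
    norm = normalise_target(target)
    reasons: list[str] = []
    if "../" in norm or norm.endswith("/.."):
        reasons.append("dot-dot-slash segment after decoding")
    if "\x00" in norm:
        reasons.append("null byte in request")
    if "\\" in target or "%5c" in target.lower():
        reasons.append("backslash separator (Windows-style traversal)")
    if re.search(r"%25[0-9a-f]{2}", target, re.I):
        reasons.append("double percent-encoding")
    if not reasons:
        return []
    hits = [f for f in SENSITIVE_FILES if f.lower() in norm.lower()]
    if hits:
        reasons.append("targets sensitive file " + ", ".join(hits))
    return reasons


def scan_log(text: str) -> list[dict]:
    """Parse access-log text and return one finding per request that shows traversal indicators.
    The HTTP status is kept because a 200 on a traversal request suggests the include succeeded."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = traversal_reasons(m["target"])
        if reasons:
            findings.append({
                "ip": m["ip"],
                "status": int(m["status"]),
                "target": m["target"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ip"], f["status"], f["target"])
        for r in f["reasons"]:
            print("   -", r)
```

Run the detector over raw request lines rather than paths the web server has already canonicalised: many servers collapse `..` in the path component but leave the query string untouched, which is where traversal payloads for a plugin parameter usually sit. The same normalisation (decode-until-stable, fold backslashes) is what a WAF rule for step 5 needs, otherwise `%5c` and `%252e` variants slip past a rule that only matches the literal `../`.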

CVSS 3.1 vector (base score 8.1): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS 4.0 vector (base score 8.5): CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:X

Timeline

CVE Assignment: NVD published the first details for CVE-2024-9575. (Oct 9, 2024 at 10:15 AM)

CVSS: A CVSS base score of 8.5 has been assigned. (Oct 9, 2024 at 10:20 AM / nvd)

First Article: Feedly found the first article mentioning CVE-2024-9575. (Oct 9, 2024 at 10:21 AM / National Vulnerability Database)

CVSS Estimate: Feedly estimated the CVSS score as HIGH. (Oct 9, 2024 at 10:21 AM)

CVSS: A CVSS base score of 8.1 has been assigned. (Oct 9, 2024 at 2:40 PM / nvd)

EPSS: EPSS Score was set to 0.04% (Percentile: 11.2%). (Oct 10, 2024 at 10:30 AM)

Detection in Vulnerability Scanners: Detection for the vulnerability has been added to Qualys (152299). (Oct 14, 2024 at 7:53 AM)

Affected Systems

rami.io / pretix (pretix Widget WordPress plugin)

Links to Mitre Att&cks

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-126: Path Traversal

News

Web Application Detections Published in October 2024
In October, Qualys released QIDs targeting vulnerabilities in several widely used software products, including WordPress, Zohocorp ManageEngine Endpoint, Lobe Chat, Ivanti Virtual Traffic Manager (vTM), Traefik, Nginx Proxy Manager, Harbor, Haproxy, SolarWinds Access Rights Manager (ARM), Cacti, Ivanti Endpoint Manager Mobile (EPMM), JetBrains TeamCity, Palo Alto Networks Expedition, Progress Telerik Report Server, Zimbra, Oracle WebLogic Server, Apache Solr, FlatPress CMS, pgAdmin, Grafana, pfSense, SolarWinds Web Help Desk, Ivanti Avalanche, ReCrystallize Server, Joomla!, and PHP. The QIDs released to detect the vulnerabilities in the frameworks above are listed below. Details about the following QIDs can be found in our knowledge base. Please review reports of the scanned applications for these detections and, if any are identified follow the steps provided in the knowledge base to ensure applications are protected against the reported vulnerabilities. QID Title 152202 Zohocorp ManageEngine Endpoint Central Incorrect Authorization Vulnerability (CVE-2024-38868) 152206 WordPress Delicious Recipe Plugin: Arbitrary File Movement and Reading Vulnerability (CVE-2024-7626) 152207 WordPress Simple Spoiler Plugin: Arbitrary Shortcode Execution Vulnerability (CVE-2024-8479) 152209 WordPress PropertyHive Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-8490) 152210 WordPress Share This Image Plugin: Open Redirect Vulnerability (CVE-2024-8761) 152215 WordPress infolinks Ad Wrap Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-8044) 152216 WordPress Bit File Manager Plugin:
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 7, 2024 to October 13, 2024)
WordPress Plugins with Reported Vulnerabilities Last Week The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Security Bulletin 16 Oct 2024 - Cyber Security Agency of Singapore
https://nvd.nist.gov/vuln/detail/CVE-2024-9985. CVE-2024-47875, DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML ...
NA - CVE-2024-9575 - Local File Inclusion vulnerability in pretix...
Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through...
CVE-2024-9575 | rami.io pretix Widget plugin up to 1.0.5 on WordPress path traversal
A vulnerability classified as critical has been found in rami.io pretix Widget plugin up to 1.0.5 on WordPress. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-9575 . It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
