Plattform
wordpress
Komponente
wp-file-checker
Behoben in
0.6.1
CVE-2024-35743 describes an Arbitrary File Access vulnerability within the SC filechecker component. This vulnerability allows attackers to potentially manipulate files on the system through path traversal techniques. It impacts versions of SC filechecker prior to 0.6, and a fix is available in version 0.6.1.
The Arbitrary File Access vulnerability allows an attacker to read or write files outside of the intended directory. This could lead to the exposure of sensitive configuration files, source code, or even system files. A successful exploit could grant an attacker unauthorized access to the server, potentially leading to complete system compromise. The ability to write arbitrary files could also be leveraged to execute malicious code, further escalating the attack. This vulnerability is particularly concerning given its potential to impact WordPress installations, which often handle sensitive user data.
This vulnerability was publicly disclosed on 2024-06-10. There are currently no known public exploits or active campaigns targeting this vulnerability. Its inclusion in the WordPress ecosystem warrants attention, and monitoring for exploitation is recommended. The CVSS score of 8.6 indicates a high probability of exploitation if left unpatched.
WordPress websites using the SC filechecker plugin, particularly those running versions prior to 0.6.1, are at risk. Shared hosting environments where users have limited control over plugin updates are especially vulnerable. Sites with misconfigured file permissions are also at increased risk.
• wordpress / composer / npm:
grep -r '../' /var/www/html/wp-content/plugins/sc-filechecker/*• generic web:
curl -I 'http://your-wordpress-site.com/wp-content/plugins/sc-filechecker/../../../../etc/passwd' # Check for file disclosuredisclosure
Exploit-Status
EPSS
0.17% (39% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-35743 is to upgrade SC filechecker to version 0.6.1 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../). Carefully review the SC filechecker configuration to ensure that file access restrictions are properly enforced. Monitor access logs for suspicious activity, particularly requests containing unusual path components. After upgrading, confirm the fix by attempting a path traversal attack and verifying that access is denied.
Actualice el plugin SC filechecker a una versión posterior a la 0.6. Si no hay una versión disponible, considere desinstalar el plugin hasta que se publique una versión corregida. Esto evitará la eliminación arbitraria de archivos en su servidor.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-35743 is a HIGH severity vulnerability allowing attackers to manipulate files via path traversal in SC filechecker versions up to 0.6, potentially leading to server compromise.
You are affected if you are using SC filechecker versions prior to 0.6.1. Check your plugin version and upgrade immediately if necessary.
Upgrade SC filechecker to version 0.6.1 or later to resolve this vulnerability. Consider implementing file access controls as an additional precaution.
Currently, there are no known active exploits targeting CVE-2024-35743, but it's crucial to apply the patch promptly to prevent future exploitation.
Refer to the official SC filechecker project website or repository for the latest security advisories and updates related to CVE-2024-35743.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.