Platform: wordpress
Component: abcapp-creator
Fixed in: 1.1.3
CVE-2024-44023 identifies a Path Traversal vulnerability within ABCApp Creator, enabling PHP Local File Inclusion. This allows an attacker to potentially access and include arbitrary files on the server. The vulnerability impacts versions of ABCApp Creator up to and including 1.1.2, with a fix available in version 1.1.3.
Successful exploitation of CVE-2024-44023 allows an attacker to read sensitive files from the server's file system. This could include configuration files containing database credentials, source code, or other confidential data. The attacker could leverage this access to escalate privileges, compromise the entire WordPress installation, or exfiltrate sensitive information. The potential impact is significant, as the attacker gains the ability to read files outside of the intended application directory. This vulnerability shares similarities with other Local File Inclusion exploits, where attackers leverage path manipulation to access unauthorized resources.
CVE-2024-44023 was publicly disclosed on 2024-10-05. The vulnerability's severity is considered HIGH (CVSS: 8.1). Currently, there are no publicly available exploits or confirmed active campaigns targeting this vulnerability. Monitor security advisories and threat intelligence feeds for any updates.
Websites utilizing ABCApp Creator, particularly those running older versions (≤1.1.2), are at risk. Shared hosting environments are especially vulnerable as they often have limited control over server configurations and file permissions. Sites with misconfigured file access controls or inadequate WAF protection are also at increased risk.
• wordpress / composer / npm:
# -F matches '../' literally; as a regex it would match any two characters followed by '/'
grep -rF '../' /var/www/html/wp-content/plugins/abcapp-creator/*
• generic web:
curl -I 'http://your-website.com/index.php?page=../../../../etc/passwd'
• wordpress / composer / npm:
wp plugin list --status=inactive | grep abcapp-creator
• wordpress / composer / npm:
find /var/www/html/wp-content/plugins/abcapp-creator/ -name '*.php' -print0 | xargs -0 grep -i 'include('
EPSS: 0.87% (75th percentile)
The primary mitigation for CVE-2024-44023 is to immediately upgrade ABCApp Creator to version 1.1.3 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file access permissions on the server. Review and harden WordPress file permissions to limit the impact of potential exploitation. Implement a Web Application Firewall (WAF) with rules to detect and block attempts to access files outside of the intended application directory. Monitor access logs for suspicious file access patterns.
Update the ABCApp Creator plugin to the latest available version. If no newer version is available, consider disabling or removing the plugin until a fixed version is released. Consult the developer's website for more information and updates.
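One way to carry out the access-log monitoring recommended above, as an added example that is not part of the advisory or of ABCApp Creator: it flags requests whose query parameters decode to a '..' path segment, including double-encoded forms. The log lines and parameter names are constructed, since the advisory does not name the affected parameter, and Combined Log Format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined Log Format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# ".." only counts as a whole path segment, so "report..final.pdf" is ignored.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
MAX_DECODE_ROUNDS = 3  # enough to unwrap double encoding such as %252e%252e%252f

# Constructed sample lines (documentation IP ranges, made-up parameter names).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Oct/2024:10:12:01 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/8.5.0"',
    '203.0.113.7 - - [05/Oct/2024:10:12:04 +0000] "GET /index.php?page=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 512 "-" "curl/8.5.0"',
    '198.51.100.23 - - [05/Oct/2024:10:13:40 +0000] "GET /index.php?file=report..final.pdf&lang=en HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]


def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(line):
    """Return (client, status, param, decoded_value) for the first query
    parameter holding a '..' path segment, or None if the line is clean."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl already decoded one layer
        if TRAVERSAL_RE.search(decoded):
            return client, int(status), name, decoded
    return None


def scan(lines):
    """Return all hits, 2xx responses first: the server answered those
    requests normally, so they are the ones to triage first."""
    hits = [h for h in map(find_traversal, lines) if h]
    return sorted(hits, key=lambda h: not 200 <= h[1] < 300)


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs record only the request line, so parameters sent in a POST body are not covered by this check and need WAF or application-level logging.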
CVE-2024-44023 is a Path Traversal vulnerability in ABCApp Creator allowing PHP Local File Inclusion, potentially exposing sensitive data.
You are affected if you are using ABCApp Creator versions 1.1.2 or earlier. Upgrade to 1.1.3 to resolve the issue.
Upgrade ABCApp Creator to version 1.1.3 or later. Implement file access controls and WAF rules as temporary mitigations.
While no public exploits are currently known, the vulnerability's nature makes exploitation likely. Monitor your systems for suspicious activity.
Refer to the ABCApp Creator official website or security advisory channels for the latest information and updates regarding this vulnerability.