Platform
wordpress
Component
ahime-image-printer
Fixed in
1.0.1
CVE-2024-49245 describes an Arbitrary File Access vulnerability within the Ahime Image Printer plugin for WordPress. This flaw allows attackers to potentially read arbitrary files on the server by exploiting improper path validation. Versions of Ahime Image Printer prior to 1.0.1 are affected, and a patch is available in version 1.0.1.
The Arbitrary File Access vulnerability lets an attacker read arbitrary files from the server's file system, limited only by what the web server process itself can read. On a WordPress host that typically includes wp-config.php (database credentials and the authentication salts), other configuration files, and plugin or theme source code. Arbitrary file read on its own discloses data rather than executing code; a full compromise of the WordPress instance becomes possible when the disclosed secrets are reused, for example to reach the database or to forge authentication cookies with the stolen salts, which in turn enables data theft, code execution through the admin interface, or defacement. The impact is larger if the same server hosts other applications or data readable by the web server process.
This vulnerability was publicly disclosed on 2024-10-16. There are currently no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The ease of exploitation is relatively high due to the path traversal nature of the vulnerability.
WordPress sites with the Ahime Image Printer plugin at version 1.0.0 or earlier are at risk. Shared hosting environments with weak tenant isolation widen what an attacker can retrieve, since the web server process may be able to read other tenants' files, and the same applies to any site whose sensitive files are readable more broadly than necessary.
• wordpress / composer / npm:
  wp plugin get ahime-image-printer --field=version   # WP-CLI: prints the installed plugin version; 1.0.0 or lower is affected
  grep -hE "^\s*\*?\s*Version:" /var/www/html/wp-content/plugins/ahime-image-printer/*.php   # same check without WP-CLI, read from the plugin header
• generic web:
  curl -sI "http://your-wordpress-site.com/wp-content/plugins/ahime-image-printer/../../../../etc/passwd"   # exercises only the web server's own path normalisation (expect 403/404); the plugin's vulnerable request is not documented here, so rely on the version check
Disclosure
Exploit status
EPSS
0.25% (48th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-49245 is to upgrade Ahime Image Printer to version 1.0.1 or later immediately. If upgrading is not immediately feasible, add a Web Application Firewall (WAF) rule that blocks requests carrying path traversal sequences; note that a rule matching only the literal "../" misses URL-encoded forms such as %2e%2e%2f, so the rule must inspect the decoded value. Additionally, restrict the web server process's read access on the filesystem to what WordPress actually needs, and review any user-supplied input that ends up in a file path: the server-side fix is to resolve the requested path canonically and reject anything outside the intended directory. After upgrading, confirm the fix by repeating the traversal request against a file that exists, such as wp-config.php, and checking that it is rejected rather than returned; requesting a non-existent file proves nothing, because that fails on vulnerable and patched versions alike.
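An added example, not code from the Ahime Image Printer plugin or from WordPress, written in Python rather than the plugin's PHP so it runs stand-alone: it shows why a WAF rule that matches only the literal "../" is bypassable with URL-encoding, how a server-side resolver confines a user-supplied filename with realpath (the kind of check the patched version has to perform), and how to sweep an access log for past traversal attempts against the plugin directory, which complements the version checks listed above. The "print.php" script name, the "file" parameter and every log line are constructed for the example; the page does not document the plugin's vulnerable request.

```python
"""Added example (not code from the Ahime Image Printer plugin or WordPress):
the mitigation above modelled in Python rather than the plugin's PHP.
Assumed / constructed: the "file" parameter, the "print.php" script name and
all log lines are made up; the page does not document the vulnerable request.
"""
import os
import re
import tempfile
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote


def naive_waf_blocks(raw_value: str) -> bool:
    """A WAF rule written as a literal '../' match on the raw parameter value."""
    return "../" in raw_value


def decoded_waf_blocks(raw_value: str) -> bool:
    """Same rule after undoing single and double URL-encoding and treating
    backslashes as separators, so %2e%2e%2f, %252e%252e%252f and ..\\ are caught.
    A null byte (%00) is rejected outright: it truncates paths in older PHP."""
    decoded = unquote(unquote(raw_value)).replace("\\", "/")
    return "../" in decoded or "\x00" in decoded


def safe_resolve(base_dir: str, user_file: str) -> Optional[str]:
    """Server-side confinement: return the absolute path of a regular file
    inside base_dir, or None. user_file is taken as already URL-decoded, which
    is what PHP hands a plugin in $_GET. Canonicalising with realpath lets one
    prefix check cover '..', absolute paths and symlinks alike."""
    if "\x00" in user_file:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_file))
    if not candidate.startswith(base + os.sep) or not os.path.isfile(candidate):
        return None
    return candidate


# Combined log format, enough of it to pull client IP, request target and status.
LOG_LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')
PLUGIN_PREFIX = "/wp-content/plugins/ahime-image-printer/"


def scan_access_log(lines: List[str]) -> List[Tuple[str, int, str]]:
    """Return (client_ip, status, target) for each request to the plugin
    directory whose decoded target carries a traversal sequence. A 200 on
    such a request is the line to investigate first."""
    hits = []
    for line in lines:
        m = LOG_LINE_RE.match(line)
        if not m or PLUGIN_PREFIX not in m.group("target"):
            continue
        if decoded_waf_blocks(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits


# Constructed log lines (not real traffic): a legitimate request, a URL-encoded
# traversal that got a 200, a traversal against a different plugin, junk.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Oct/2024:10:15:30 +0000] "GET /wp-content/plugins/ahime-image-printer/print.php?file=photo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [16/Oct/2024:10:15:32 +0000] "GET /wp-content/plugins/ahime-image-printer/print.php?file=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3211 "-" "curl/8.0"',
    '203.0.113.5 - - [16/Oct/2024:10:15:33 +0000] "GET /wp-content/plugins/other-plugin/view.php?f=../../../../etc/passwd HTTP/1.1" 404 180 "-" "curl/8.0"',
    "garbage line that does not parse",
]


def run_demo() -> Dict[str, bool]:
    """Exercise safe_resolve against a constructed plugin layout in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        images = os.path.join(root, "wp-content", "plugins", "ahime-image-printer", "images")
        os.makedirs(images)
        with open(os.path.join(images, "photo.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8\xff")  # constructed JPEG header bytes
        with open(os.path.join(root, "wp-config.php"), "w") as fh:
            fh.write("<?php // constructed stand-in, holds no real secrets\n")
        encoded = "%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fwp-config.php"
        return {
            "legit_file_allowed": safe_resolve(images, "photo.jpg") is not None,
            "plain_traversal_blocked": safe_resolve(images, "../../../../wp-config.php") is None,
            "decoded_traversal_blocked": safe_resolve(images, unquote(encoded)) is None,
            "absolute_path_blocked": safe_resolve(images, os.path.join(root, "wp-config.php")) is None,
            "null_byte_blocked": safe_resolve(images, "photo.jpg\x00.txt") is None,
            "naive_waf_misses_encoded": not naive_waf_blocks(encoded),
            "decoded_waf_catches_encoded": decoded_waf_blocks(encoded),
        }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
    for ip, status, target in scan_access_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip} -> HTTP {status}: {target}")
```

The resolver deliberately does not decode its input a second time: PHP has already decoded the query string, and decoding again would turn a harmless literal "%2e%2e" filename into a traversal. The WAF-side check, by contrast, sees the raw request and must decode (twice, to cover double encoding) before matching, which is the point the naive rule misses.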
Update the Ahime Image Printer plugin to version 1.0.1 or later. If you cannot update right away, consider deactivating or uninstalling the plugin until you can. This prevents arbitrary file disclosure from your server.
CVE-2024-49245 is a vulnerability in Ahime Image Printer allowing attackers to read arbitrary files on the server due to improper path validation. It has a CVSS score of 7.5 (HIGH).
You are affected if you are using Ahime Image Printer version 1.0.0 or earlier. Upgrade to 1.0.1 to mitigate the risk.
Upgrade the Ahime Image Printer plugin to version 1.0.1 or later. If an immediate upgrade is not possible, use temporary workarounds such as deactivating the plugin or blocking path traversal sequences (including their URL-encoded forms) at the WAF.
As of October 2024, there are no known public exploits or active campaigns targeting CVE-2024-49245.
Check the Ahime Image Printer plugin page on WordPress.org for updates and security advisories related to CVE-2024-49245.