Platform
wordpress
Component
globe-gateway-e4
Fixed in
2.0.1
CVE-2024-52371 describes an Arbitrary File Access vulnerability within the Global Gateway e4 | Payeezy Gateway. This flaw allows an attacker to potentially read arbitrary files on the server by manipulating file paths. The vulnerability impacts versions of the gateway up to and including 2.0, and a fix is available in version 2.0.1.
The Arbitrary File Access vulnerability allows an attacker to read any file accessible by the web server process. This includes configuration files, source code, database credentials, and potentially even user data. Successful exploitation could lead to complete compromise of the system, data exfiltration, and further malicious activity. The impact is amplified if the gateway is used to process sensitive financial information, as attackers could gain access to payment card details or other personally identifiable information (PII).
This CVE was published on 2024-11-14. Currently, there are no publicly available proof-of-concept exploits. The vulnerability's severity is rated HIGH, indicating a significant risk if exploited. It is not currently listed on the CISA KEV catalog.
WordPress websites running the Global Gateway e4 | Payeezy Gateway plugin at version 2.0 or earlier are at significant risk. Shared hosting environments where file permissions are not strictly controlled are exposed further, because an attacker could leverage this vulnerability to read files belonging to other users on the same server.
• wordpress / composer / npm:
  grep -rF '../' /var/www/html/wp-content/plugins/global-gateway-e4-payeezy-gateway/   # crude heuristic: list source lines containing a literal "../"
• generic web:
  curl -I 'https://your-website.com/../../../../etc/passwd'   # Check for file disclosure
Exploit status
EPSS
0.22% (44th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to version 2.0.1, which contains the fix for this vulnerability. If upgrading immediately is not possible, consider implementing temporary workarounds such as restricting file access permissions on the server and implementing strict input validation to prevent path traversal attacks. Web Application Firewalls (WAFs) can be configured with rules to block requests containing suspicious path manipulation attempts. Regularly review and update server configurations to minimize the attack surface.
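To make the "strict input validation" advice concrete, the following is an added illustration and not code from the Global Gateway e4 | Payeezy Gateway plugin or its vendor. It places a file-serving routine that trusts a user-supplied file name (the weak pattern behind arbitrary file access) next to one that confines every resolved path to an allow-listed directory. The directory layout, the function names and the sample file names are assumptions made for the demonstration.

```php
<?php
// Added illustration of a path-traversal guard; not the plugin's own code.
// $base_dir, the function names and the sample files below are assumptions.

declare(strict_types=1);

/**
 * Weak: concatenates the raw request parameter into a path. A value such as
 * "../secret.txt" walks out of the intended directory.
 */
function read_export_weak(string $base_dir, string $name): string|false {
    return @file_get_contents($base_dir . '/' . $name);
}

/**
 * Hardened: resolve the candidate with realpath() and accept it only if it is a
 * regular file that lives inside the canonical $base_dir. Symlinks are resolved
 * before the comparison, so a link pointing outside the directory is rejected too.
 */
function resolve_export_path(string $base_dir, string $name): ?string {
    // Reject anything that is not a plain file name (no separators, no NUL bytes).
    if ($name === '' || strpbrk($name, "/\\\0") !== false) {
        return null;
    }
    $root = realpath($base_dir);
    if ($root === false) {
        return null;
    }
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $name);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Compare with a trailing separator so "/exports-old" cannot pass as "/exports".
    if (strncmp($candidate, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

function read_export_hardened(string $base_dir, string $name): string|false {
    $path = resolve_export_path($base_dir, $name);
    return $path === null ? false : file_get_contents($path);
}

// Self-contained demonstration in a temporary directory (constructed sample data).
$tmp = sys_get_temp_dir() . '/exports_' . bin2hex(random_bytes(4));
mkdir($tmp . '/exports', 0700, true);
file_put_contents($tmp . '/exports/report.csv', "order,amount\n1001,42.00\n");
file_put_contents($tmp . '/secret.txt', "not for the web\n");

// Constructed request values: a legitimate name, a traversal attempt, a missing file.
$inputs = ['report.csv', '../secret.txt', 'missing.csv'];
foreach ($inputs as $name) {
    $weak = read_export_weak($tmp . '/exports', $name) !== false ? 'served' : 'denied';
    $hard = read_export_hardened($tmp . '/exports', $name) !== false ? 'served' : 'denied';
    printf("%-16s weak=%-7s hardened=%s\n", $name, $weak, $hard);
}

// Clean up the constructed sample data.
unlink($tmp . '/exports/report.csv');
unlink($tmp . '/secret.txt');
rmdir($tmp . '/exports');
rmdir($tmp);
```

The weak variant serves `../secret.txt` because the operating system happily resolves the `..` segment; the hardened variant rejects it twice over, first because the name contains a separator and second because the canonical path would fall outside the export directory. In a WordPress plugin the same check would sit alongside WordPress's own `sanitize_file_name()`, which strips many dangerous characters but does not by itself confine the resolved path to a directory, and alongside the WAF rules mentioned above, which are a compensating control rather than a fix.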
Update the Global Gateway e4 | Payeezy Gateway plugin to a version later than 2.0. If no such version is available, consider disabling or removing the plugin until a fixed version is published. Consult the vendor's website for more information and updates.
CVE-2024-52371 is a HIGH severity vulnerability allowing attackers to read files on a server through path manipulation. It affects Global Gateway e4 | Payeezy Gateway versions up to 2.0.
If you are using Global Gateway e4 | Payeezy Gateway version 2.0 or earlier, you are potentially affected. Upgrade to 2.0.1 to mitigate the risk.
Upgrade to version 2.0.1 of the Global Gateway e4 | Payeezy Gateway plugin. If upgrading is not immediately possible, implement file access controls and WAF rules.
While no active exploitation is confirmed, the vulnerability's nature suggests it could be exploited once a proof-of-concept is released.
Refer to the vendor's official security advisory for the most up-to-date information and guidance: [DonnellC Security Advisory - Replace with actual link when available]