Platform: wordpress
Component: lenxel-core
Fixed in: 1.2.6
CVE-2024-53790 describes a Path Traversal vulnerability discovered in Ogun Labs Lenxel Core for Lenxel(LNX) LMS. This flaw allows unauthorized access to sensitive files on the server by manipulating file paths. Versions of Lenxel Core for Lenxel(LNX) LMS prior to 1.2.6 are affected, and a patch is now available.
The Path Traversal vulnerability in Lenxel Core allows attackers to bypass access controls and retrieve arbitrary files from the server's file system. This could include configuration files containing database credentials, source code, or other sensitive information. Successful exploitation could lead to complete compromise of the LMS system, data breaches, and potential disruption of services. The impact is amplified if the LMS stores personally identifiable information (PII) or other regulated data, potentially leading to compliance violations and legal repercussions. The ability to read arbitrary files opens the door to further attacks, such as code execution if the attacker can locate and modify executable files.
CVE-2024-53790 was publicly disclosed on December 9, 2024. The vulnerability's severity is rated HIGH (CVSS 7.5). Currently, there are no publicly available proof-of-concept exploits. It is not listed on the CISA KEV catalog at the time of this writing. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Organizations utilizing Lenxel Core for Lenxel(LNX) LMS, particularly those with publicly accessible LMS instances or those who haven't implemented robust file access controls, are at risk. Shared hosting environments where multiple users share the same server are also at increased risk, as a compromised user account could be leveraged to exploit this vulnerability.
• wordpress / composer / npm:
grep -rF '../' /var/www/html/lenxel-core/*
grep -r '\.\.\/' /var/www/html/lenxel-core/*
• generic web:
curl -I --path-as-is 'http://your-lms-url/../../../../etc/passwd' # Check for file disclosure; --path-as-is stops curl from collapsing ../ before sending
Exploit status
EPSS
0.34% (57th percentile)
The primary mitigation for CVE-2024-53790 is to immediately upgrade Lenxel Core for Lenxel(LNX) LMS to version 1.2.6 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file access permissions and implementing strict input validation to prevent path manipulation. Web Application Firewalls (WAFs) can be configured with rules to block requests containing suspicious path traversal patterns (e.g., '../'). Regularly review and audit file system permissions to ensure they adhere to the principle of least privilege. After upgrading, confirm the vulnerability is resolved by attempting to access a file outside the intended directory and verifying that access is denied.
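The input-validation workaround described above, as an added example that is not Lenxel Core's code: the function name `lnx_resolve_inside()` and the demo directory layout are hypothetical. It resolves the requested name to a canonical path and serves it only if that path stays inside the intended directory, which is also the condition the post-upgrade check should confirm.

```php
<?php
// Added example, not Lenxel Core code: lnx_resolve_inside() and the
// directory layout below are hypothetical.

/**
 * Return the canonical path of $requested only if it is a regular file
 * inside $baseDir; return null for anything that resolves elsewhere.
 */
function lnx_resolve_inside(string $baseDir, string $requested): ?string
{
    // Empty names and NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ".", ".." and symlinks; false if nothing exists there.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Compare against base + separator so a sibling such as
    // "templates-old" cannot pass as "templates".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . '/lnx_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/course.php', '<?php // constructed template');
file_put_contents($root . '/secret.txt', 'constructed secret');

$inputs = ['course.php', '../secret.txt', './../templates/course.php', 'missing.php'];
foreach ($inputs as $input) {
    $resolved = lnx_resolve_inside($root . '/templates', $input);
    printf("%-28s => %s\n", $input, $resolved === null ? 'denied' : 'allowed');
}

// Remove the demo tree.
unlink($root . '/templates/course.php');
unlink($root . '/secret.txt');
rmdir($root . '/templates');
rmdir($root);
```

The third input contains `..` yet still resolves inside the base directory, so the decision rests on the canonical path rather than on a substring filter for `../`.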
Update the Lenxel Core plugin to the latest available version. The local file inclusion vulnerability allows unauthorized users to access sensitive files on the server. The update fixes this vulnerability.
CVE-2024-53790 is a Path Traversal vulnerability allowing attackers to access files outside of intended directories in Lenxel Core for Lenxel(LNX) LMS, potentially exposing sensitive data.
Yes, if you are using Lenxel Core for Lenxel(LNX) LMS versions 1.2.5 and earlier, you are affected by this vulnerability.
Upgrade Lenxel Core for Lenxel(LNX) LMS to version 1.2.6 or later to resolve this vulnerability. Consider WAF rules as a temporary mitigation.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and remediation.
Please refer to the Ogun Labs website and Lenxel Core documentation for the official advisory and further details regarding this vulnerability.