Platform: wordpress
Component: abcapp-creator
Fixed in: 1.1.3
CVE-2024-44023 describes a Path Traversal vulnerability within ABCApp Creator, allowing for PHP Local File Inclusion. This vulnerability can lead to unauthorized access and potential data exposure. It impacts versions of ABCApp Creator up to and including 1.1.2, with a fix available in version 1.1.3.
The Path Traversal vulnerability allows an attacker to include arbitrary files from the server's filesystem. By manipulating file paths, an attacker can potentially read sensitive configuration files, source code, or even execute malicious code through PHP's include functionality. Successful exploitation could lead to complete system compromise, data breaches, and denial of service. The ability to include arbitrary files significantly expands the attack surface beyond simple information disclosure, potentially enabling remote code execution depending on the files included.
CVE-2024-44023 was publicly disclosed on 2024-10-05. No known public proof-of-concept exploits are currently available, but the vulnerability's nature makes it likely that exploits will emerge. The vulnerability is not currently listed on CISA KEV. Given the ease of exploitation inherent in Path Traversal vulnerabilities, it is considered a high-priority issue.
Exploit Status
EPSS: 0.87% (75th percentile)
The primary mitigation for CVE-2024-44023 is to upgrade ABCApp Creator to version 1.1.3 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing strict file access controls on the server to limit the attacker's ability to read sensitive files. Web Application Firewalls (WAFs) can be configured with rules to block requests containing path traversal attempts (e.g., ../ sequences). Review and restrict the permissions of the PHP user account to minimize potential damage if exploitation occurs. After upgrading, confirm the vulnerability is resolved by attempting a path traversal request and verifying that access is denied.
Update the ABCApp Creator plugin to the latest available version. If no newer version is available, consider disabling or removing the plugin until a fixed version is published. Consult the developer's website for more information and updates.
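An added example (not code from the plugin or from this advisory) of the log review implied by the WAF and monitoring advice above: it flags requests whose target contains a `..` path segment after decoding, so percent-encoded and double-encoded forms are caught where a literal `../` match would miss them. The log lines, `EXAMPLE.php` and the `file` parameter are constructed placeholders; the advisory does not name the vulnerable entry point.

```python
import re
from urllib.parse import unquote

PLUGIN_SLUG = "abcapp-creator"  # component name from the advisory
# Client address and request target from a combined-format access log line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ".." as a whole path segment, at the start or after "/" or "=".
DOTDOT_RE = re.compile(r'(?:^|[/=])\.\.(?:/|$)')

def normalise(target, max_rounds=3):
    """Percent-decode until stable (bounded) and unify slashes, so encoded
    and double-encoded sequences look the same as a literal "../"."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def find_traversal(log_lines):
    """Return (client, raw_target, mentions_plugin) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, raw = m.groups()
        norm = normalise(raw)
        if DOTDOT_RE.search(norm):
            hits.append((client, raw, PLUGIN_SLUG in norm))
    return hits

# Constructed sample lines; "EXAMPLE.php" and "file" are placeholders, not
# the plugin's real entry point or parameter (the advisory names neither).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Oct/2024:10:00:01 +0000] "GET /wp-content/plugins/abcapp-creator/EXAMPLE.php?file=../../config.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Oct/2024:10:00:02 +0000] "GET /wp-content/plugins/abcapp-creator/EXAMPLE.php?file=%252e%252e%252fconfig.php HTTP/1.1" 403 0',
    '198.51.100.4 - - [05/Oct/2024:10:00:03 +0000] "GET /wp-content/plugins/abcapp-creator/assets/app.js?ver=1.1.2 HTTP/1.1" 200 1024',
    '198.51.100.9 - - [05/Oct/2024:10:00:04 +0000] "GET /index.php?page=..%5c..%5cconfig.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, target, plugin in find_traversal(SAMPLE_LOG):
        print(client, "plugin" if plugin else "other", target)
```

A hit with a 200 status on a plugin path, as in the first sample line, is the one to investigate first; the same normalisation step applies to any WAF rule written for this issue.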
CVE-2024-44023 is a Path Traversal vulnerability in ABCApp Creator allowing PHP Local File Inclusion, potentially exposing sensitive data.
You are affected if you are using ABCApp Creator versions 1.1.2 or earlier. Upgrade to 1.1.3 to resolve the issue.
Upgrade ABCApp Creator to version 1.1.3 or later. Implement file access controls and WAF rules as temporary mitigations.
While no public exploits are currently known, the vulnerability's nature makes exploitation likely. Monitor your systems for suspicious activity.
Refer to the ABCApp Creator official website or security advisory channels for the latest information and updates regarding this vulnerability.