Platform: wordpress
Component: lenxel-core
Fixed in: 1.2.6
CVE-2024-53790 describes a Path Traversal vulnerability discovered in Ogun Labs Lenxel Core for Lenxel(LNX) LMS. This flaw allows unauthorized access to sensitive files on the server by manipulating file paths. Versions of Lenxel Core for Lenxel(LNX) LMS prior to 1.2.6 are affected, and a patch is now available.
The Path Traversal vulnerability allows an attacker to bypass intended access restrictions and retrieve files from directories they should not be able to access. In the context of Lenxel Core for Lenxel(LNX) LMS, this could expose sensitive configuration files, database credentials, or even source code. Successful exploitation could lead to complete compromise of the LMS system and potentially the underlying server. The attacker could gain access to user data, modify content, or execute arbitrary code if the retrieved files contain executable scripts.
CVE-2024-53790 was published on December 9, 2024. Currently, there are no publicly available proof-of-concept exploits. The vulnerability's severity is rated HIGH, indicating a potential for significant impact. It is not currently listed on the CISA KEV catalog. Active exploitation is not confirmed at this time.
EPSS: 0.34% (57th percentile)
The primary mitigation for CVE-2024-53790 is to upgrade Lenxel Core for Lenxel(LNX) LMS to version 1.2.6 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to block requests containing path traversal attempts (e.g., '../' sequences). Restrict file permissions on the server to limit the impact of potential file access. Regularly review and audit file access logs for suspicious activity. After upgrading, confirm the vulnerability is resolved by attempting a path traversal request and verifying that access is denied.
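The log review suggested above, as an added example (not from the original advisory or the plugin's code): it flags access-log requests whose target contains a '..' path segment after repeated percent-decoding, which a literal '../' match would miss. The log lines, the `demo_file` parameter and `example.conf` are constructed placeholders; the advisory does not identify the vulnerable endpoint or parameter.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/[\d.]+"')
# A ".." segment bounded by /, \ or = on the left and by /, \ or end on the right
TRAVERSAL_RE = re.compile(r'(?:^|[\\/=])\.\.(?:[\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if the request target contains a '..' segment after decoding."""
    return bool(TRAVERSAL_RE.search(fully_decode(target)))

def flag_lines(lines):
    """Return (line_number, request_target) for each log line with traversal."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines (documentation IP range, placeholder names);
# "demo_file" is hypothetical and is not the plugin's real parameter.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2024:10:00:01 +0000] "GET /?demo_file=report.pdf HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Dec/2024:10:00:07 +0000] "GET /?demo_file=../../example.conf HTTP/1.1" 403 0',
    '203.0.113.9 - - [10/Dec/2024:10:00:09 +0000] "GET /?demo_file=%2e%2e%2f%2e%2e%2fexample.conf HTTP/1.1" 403 0',
    '203.0.113.9 - - [10/Dec/2024:10:00:12 +0000] "GET /?demo_file=%252e%252e%252f%252e%252e%252fexample.conf HTTP/1.1" 403 0',
    '203.0.113.5 - - [10/Dec/2024:10:00:20 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, target in flag_lines(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

The same decode-then-match order applies to a WAF rule: matching before decoding leaves the encoded forms unblocked.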
Update the Lenxel Core plugin to the latest available version. The local file inclusion vulnerability allows unauthorized users to access sensitive files on the server. The update fixes this vulnerability.
CVE-2024-53790 is a Path Traversal vulnerability allowing attackers to access files outside of intended directories in Lenxel Core for Lenxel(LNX) LMS, potentially exposing sensitive data.
Yes, if you are using Lenxel Core for Lenxel(LNX) LMS versions 1.2.5 and earlier, you are affected by this vulnerability.
Upgrade Lenxel Core for Lenxel(LNX) LMS to version 1.2.6 or later to resolve this vulnerability. Consider WAF rules as a temporary mitigation.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and remediation.
Please refer to the Ogun Labs website and Lenxel Core documentation for the official advisory and further details regarding this vulnerability.