Platform
wordpress
Component
osm
Fixed in
6.0.3
CVE-2024-3604 describes a SQL Injection vulnerability discovered in the OSM – OpenStreetMap WordPress plugin. This flaw allows authenticated attackers with contributor-level access or higher to inject malicious SQL queries. The vulnerability affects versions up to and including 6.0.2. A patch is available; applying it requires upgrading the plugin.
The SQL Injection vulnerability in OSM – OpenStreetMap allows an attacker to manipulate database queries. By injecting arbitrary SQL code through the 'taggedfilter' attribute of the 'osmmap_v3' shortcode, an attacker can potentially extract sensitive data stored within the WordPress database. This could include user credentials, configuration details, or other critical information. Successful exploitation could lead to complete database compromise and potentially full control of the WordPress site. The impact is amplified if the database contains sensitive user data or is connected to other critical systems.
CVE-2024-3604 was publicly disclosed on 2024-07-09. No public proof-of-concept (POC) code has been released at the time of writing, but the vulnerability's severity and ease of exploitation suggest a potential for rapid exploitation. It is not currently listed on the CISA KEV catalog. The vulnerability requires authenticated access, limiting the immediate attack surface, but the potential impact warrants immediate attention.
WordPress websites utilizing the OSM – OpenStreetMap plugin, particularly those with users granted contributor-level access or higher, are at risk. Shared hosting environments where multiple WordPress sites share the same database are also at increased risk, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -rn "taggedfilter" /var/www/html/wp-content/plugins/osm-map-v3/
• wordpress / composer / npm:
wp plugin list | grep "osm-map-v3"
• wordpress / composer / npm:
curl -s <wordpress_site>/wp-content/plugins/osm-map-v3/readme.txt | grep -i "Stable tag"
Disclosure
Exploit status
EPSS
0.69% (72nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-3604 is to immediately upgrade the OSM – OpenStreetMap WordPress plugin to a version that addresses the vulnerability. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily restricting access to the 'taggedfilter' parameter or implementing stricter server-side input validation. While a WAF might offer some protection, it is not a substitute for patching the plugin. After upgrading, verify the fix by attempting to inject a simple SQL query through the 'taggedfilter' parameter and confirming that it is properly sanitized.
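As an added illustration (not the plugin's code, and not a description of its real query), the pattern that produces this class of bug next to the hardened form the mitigation above calls for: a hypothetical `osmmap_v3`-style shortcode handler whose `taggedfilter` attribute is validated and then bound through `$wpdb->prepare()`. The table name, the handler and validator names, and the accepted tag syntax are all assumptions.

```php
<?php
// Added illustration, not the plugin's code. The plugin's real query, table
// and handler are not on the page; everything below is assumed.

// Unsafe pattern: the shortcode attribute is concatenated straight into SQL,
// so any Contributor who can place the shortcode in a post controls part of
// the query. Not registered; shown only to contrast with the safe handler.
function osm_example_unsafe_handler( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'taggedfilter' => '' ), $atts, 'osmmap_v3' );
    $sql  = "SELECT post_id FROM {$wpdb->prefix}osm_markers WHERE tag = '"
          . $atts['taggedfilter'] . "'"; // attribute never validated or escaped
    return $wpdb->get_col( $sql );
}

// Hardened form: whitelist the attribute's shape, then bind it with
// $wpdb->prepare() so the value is only ever compared as a string literal
// and can never be parsed as SQL.
function osm_example_safe_handler( $atts ) {
    global $wpdb;
    $atts   = shortcode_atts( array( 'taggedfilter' => '' ), $atts, 'osmmap_v3' );
    $filter = osm_example_validate_tagfilter( $atts['taggedfilter'] );
    if ( null === $filter ) {
        return array(); // reject rather than "clean up" a value that fails validation
    }
    $sql = $wpdb->prepare(
        "SELECT post_id FROM {$wpdb->prefix}osm_markers WHERE tag = %s",
        $filter
    );
    return $wpdb->get_col( $sql );
}

// Accept only the tag syntax the feature needs (assumed here: letters, digits,
// '_', '-' and ',' up to 64 characters). Anything else is rejected, not escaped.
function osm_example_validate_tagfilter( $raw ) {
    $raw = sanitize_text_field( $raw );
    if ( '' === $raw || strlen( $raw ) > 64 ) {
        return null;
    }
    return preg_match( '/^[A-Za-z0-9_,-]+$/', $raw ) ? $raw : null;
}

// Registered under an example name so it does not collide with the real shortcode.
add_shortcode( 'osmmap_v3_example', 'osm_example_safe_handler' );
```

The validator rejects rather than rewrites input, which is also what makes the post-upgrade check in the paragraph above meaningful: a rejected attribute should yield no markers, not a partially executed query.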
Update the OSM – OpenStreetMap plugin to the latest available version. The most recent version contains the fix for the SQL injection vulnerability. If you cannot update immediately, consider temporarily disabling the plugin.
CVE-2024-3604 is a critical SQL Injection vulnerability affecting the OSM – OpenStreetMap WordPress plugin versions up to 6.0.2. It allows authenticated attackers to inject SQL code and potentially extract sensitive data.
You are affected if you are using the OSM – OpenStreetMap WordPress plugin version 6.0.2 or earlier. Check your plugin version and upgrade immediately if necessary.
The fix is to upgrade the OSM – OpenStreetMap WordPress plugin to a patched version. Consult the plugin developer's website for the latest version and installation instructions.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a potential for rapid exploitation. Monitor your systems closely.
Refer to the plugin developer's website or the WordPress plugin repository for the official advisory and updates regarding CVE-2024-3604.