Platform
wordpress
Component
hacklog-downloadmanager
Fixed in
2.1.5
CVE-2024-52401 is a critical Cross-Site Request Forgery (CSRF) vulnerability affecting Hacklog DownloadManager versions up to 2.1.4. This vulnerability allows an attacker to upload a web shell to a web server, potentially leading to complete server compromise. The vulnerability was published on November 19, 2024, and a fix is available in version 2.1.5.
The impact of this vulnerability is severe. A successful exploit allows an attacker to upload a web shell, effectively granting them remote code execution (RCE) on the affected server. This can lead to complete system takeover, data theft, modification, or deletion, and the installation of malware. The attacker could also leverage the compromised server to launch further attacks against other systems within the network, significantly expanding the blast radius. The ability to upload arbitrary code makes this a high-priority vulnerability requiring immediate attention.
This vulnerability is considered highly exploitable due to the ease of CSRF attacks and the potential for complete system compromise. While no public exploits have been widely reported, the severity of the vulnerability and the potential impact make it a likely target for attackers. The vulnerability has been added to the CISA KEV catalog, indicating a heightened risk. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
WordPress websites utilizing Hacklog DownloadManager, particularly those running older, unpatched versions (≤2.1.4), are at significant risk. Shared hosting environments are especially vulnerable as they often lack the ability to directly update plugins, making users reliant on hosting provider intervention. Sites with weak security configurations or those that haven't implemented robust input validation are also at increased risk.
• wordpress / composer / npm:
grep -r 'hacklog_download_manager/includes/upload.php' /var/www/html/
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/hacklog-download-manager/includes/upload.php | grep -i 'content-type: multipart/form-data'
• wordpress / composer / npm:
wp plugin list | grep hacklog-download-manager
Disclosure
Exploit Status
EPSS
0.09% (26th percentile)
CISA SSVC
CVSS-vector
The primary mitigation is to upgrade Hacklog DownloadManager to version 2.1.5 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. These may include implementing strict Content Security Policy (CSP) headers to restrict script execution from untrusted sources. Additionally, implement robust input validation and sanitization on all user-supplied data to prevent malicious code from being injected. Monitor web server access logs for suspicious activity, particularly attempts to upload files to unexpected locations. After upgrading, confirm the fix by attempting to trigger the CSRF vulnerability using a known payload and verifying that the upload is blocked.
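The access-log monitoring recommended above can be automated. The following is an added example, not code from the advisory or the plugin: it parses combined-format access log lines and flags POST requests to the plugin's upload endpoint (the path taken from the detection commands above; assumed to be the upload handler) whose Referer is absent or belongs to another host, which is the shape a CSRF-driven upload takes. The log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Endpoint path as given in this advisory's detection commands (assumed to be
# the plugin's upload handler; adjust if your installation differs).
UPLOAD_PATH = "/wp-content/plugins/hacklog-download-manager/includes/upload.php"

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def is_suspicious_upload(line, site_host):
    """True for a POST to the upload endpoint whose Referer is missing or points
    at another host: a forged cross-site request originates from a page the
    victim's browser loaded elsewhere, so the Referer (if sent) is not ours."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return False
    if urlsplit(m["path"]).path != UPLOAD_PATH:
        return False
    # urlsplit("-").hostname is None, so a missing Referer also counts as foreign.
    return urlsplit(m["referer"]).hostname != site_host


def scan_log(lines, site_host):
    """Return (client_ip, timestamp, referer) for every suspicious request."""
    hits = []
    for line in lines:
        if is_suspicious_upload(line, site_host):
            m = LOG_RE.match(line)
            hits.append((m["ip"], m["ts"], m["referer"]))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    # Legitimate upload from the site's own admin page: not flagged.
    '203.0.113.7 - - [19/Nov/2024:10:00:01 +0000] "POST /wp-content/plugins/hacklog-download-manager/includes/upload.php HTTP/1.1" 200 512 "https://example.com/wp-admin/admin.php?page=hacklog" "Mozilla/5.0"',
    # Same endpoint, Referer from a third-party host: flagged.
    '198.51.100.23 - - [19/Nov/2024:10:05:42 +0000] "POST /wp-content/plugins/hacklog-download-manager/includes/upload.php HTTP/1.1" 200 512 "https://third-party.example/" "Mozilla/5.0"',
    # Same endpoint with a query string and no Referer at all: flagged.
    '198.51.100.23 - - [19/Nov/2024:10:06:10 +0000] "POST /wp-content/plugins/hacklog-download-manager/includes/upload.php?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # A GET to the endpoint and an unrelated POST: not flagged.
    '192.0.2.9 - - [19/Nov/2024:10:07:00 +0000] "GET /wp-content/plugins/hacklog-download-manager/includes/upload.php HTTP/1.1" 405 0 "-" "curl/8.0"',
    '192.0.2.9 - - [19/Nov/2024:10:08:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, ref in scan_log(SAMPLE_LOG, "example.com"):
        print(f"{ts} suspicious upload from {ip} (Referer: {ref})")
```

Browsers and privacy extensions sometimes strip the Referer, so a missing header is a lead to investigate rather than proof of forgery; correlate hits with new files appearing under the plugin's upload directory.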
Update the Hacklog DownloadManager plugin to the latest available version. The vulnerability allows arbitrary file uploads, which can compromise the security of your website. Verify that the updated version contains the fix for the CSRF vulnerability.
CVE-2024-52401 is a critical Cross-Site Request Forgery (CSRF) vulnerability in Hacklog DownloadManager versions up to 2.1.4, allowing attackers to upload web shells and potentially gain complete control of the server.
You are affected if your WordPress site uses Hacklog DownloadManager version 2.1.4 or earlier. Check your plugin version immediately to determine your risk level.
Upgrade Hacklog DownloadManager to version 2.1.5 or later. If immediate upgrade isn't possible, implement temporary mitigations like CSP and input validation.
While no widespread exploitation has been confirmed, the vulnerability's severity and potential impact make it a likely target. Monitor for suspicious activity and stay informed about security advisories.
Refer to the Hacklog DownloadManager website and WordPress plugin repository for the latest advisory and updates regarding CVE-2024-52401.