Exploit for Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion (CVE-2023-4634)

Description:

The WordPress Media Library Assistant plugin in versions < 3.09 is vulnerable to a local file inclusion, which leads to RCE on a default Imagick installation/configuration.

Nuclei Template

View the template here: CVE-2023-4634.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-4634.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-4634
https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
https://cve.report/CVE-2023-4634
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2955933%40media-library-assistant&new=2955933%40media-library-assistant&sfp_email=&sfph_mail=#file4
https://packetstormsecurity.com/files/174508/wpmla309-lfiexec.tgz
https://fr.wordpress.org/plugins/media-library-assistant/advanced/