CVE-2023-4634
Description
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.
NVD
Severity: N/A
CVE ID: CVE-2023-4634
CVSS Score: N/A
CVSS Metrics: NVD assessment not yet provided.
Wordfence
Severity: CRITICAL
CVE ID: CVE-2023-4634
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-4634
Reference: Project Discovery GitHub
Patrowl
CVE-2023-4634
Reference: GitHub
Content on GitHub
vinnie1717 | watchers:0
CVE-2023-46344
Reference: GitHub