CVE-2024-10571 Scanner
CVE-2024-10571 Scanner - Local File Inclusion (LFI) vulnerability in Chartify - WordPress Chart Plugin
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 11 days 4 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Chartify - WordPress Chart Plugin is commonly utilized by website administrators and developers to create and manage charts on WordPress-powered websites efficiently. It is developed by Ays-Pro and offers a range of functionalities to facilitate dynamic chart creation and seamless integration into WordPress environments. With its intuitive interface, the plugin is popular among WordPress users aiming to visualize data in an engaging manner. Organizations and individuals who manage WordPress sites often rely on such plugins to enhance user interaction by showcasing data trends and insights visually. Consequently, the plugin has found its place in diverse industries, including education, finance, and e-commerce, facilitating data-driven decision-making processes.
The Local File Inclusion (LFI) vulnerability in the Chartify - WordPress Chart Plugin allows unauthorized attackers to include arbitrary files from the server. The flaw lies in the 'source' parameter: its value is used to build a file path for inclusion, so a file of the attacker's choosing can be included and, if it contains PHP, executed. Such vulnerabilities bypass access controls and can expose sensitive information or lead to remote code execution, giving an attacker unauthorized access to and control over server functionality. The consequences can be severe, because a successful inclusion can be used as a stepping stone for further attacks or unauthorized data access, compromising the security and integrity of the affected systems.
Technically, the vulnerability is reached through crafted HTTP POST requests to the WordPress admin-ajax.php endpoint with specific parameters. The 'source' parameter is not sanitized, so path traversal sequences in its value allow files outside the intended directory to be accessed and executed. An attacker can combine this with any file they are able to place in a location readable by the web server, then include that file via the vulnerable parameter. A PHPSESSID cookie in the response headers is the indicator the scanner uses to confirm that the request was processed. The parameter can also be used to include files that belong to the plugin's own functionality, such as the "ays-chart-heading-box" components, leading to unintended inclusion of plugin content.
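The root cause described above is an include driven by a request parameter. The following is an added illustration, not the plugin's code or the scanner's, written in Python rather than PHP so that the two defensive checks can be shown in a self-contained way: an allowlist of partial names and a canonical-path containment check, plus a small classifier a defender can run over logged values of the 'source' parameter. The directory name, the partial names and the sample values are assumptions constructed for the example.

```python
"""Added example (not code from the plugin or the scanner): constrain an include that is
driven by a user-controlled 'source' value, and flag suspicious values of that parameter.
The partial names, directory layout and sample values below are assumptions."""
import os
import re
from pathlib import Path

# Assumed allowlist of view partials the handler is permitted to include.
ALLOWED_PARTIALS = frozenset({"heading-box", "options", "legend"})


class UnsafeSourceError(ValueError):
    """Raised when a 'source' value must not be turned into an include path."""


def resolve_partial(base_dir: str, source: str) -> str:
    """Map a 'source' request value to an absolute .php path inside base_dir, or raise.

    Two independent layers:
      1. allowlist: only fixed names are accepted, so path characters never reach the filesystem;
      2. containment: the canonical result must still lie under base_dir, which keeps the
         handler safe even if the allowlist is later relaxed to accept richer values.
    """
    if not isinstance(source, str) or "\x00" in source:
        raise UnsafeSourceError("source must be a string without NUL bytes")
    if source not in ALLOWED_PARTIALS:
        raise UnsafeSourceError(f"source not in allowlist: {source!r}")
    base = Path(base_dir).resolve()
    candidate = (base / f"{source}.php").resolve()
    # commonpath rather than a string-prefix test: "/var/www" must not match "/var/www-old"
    if os.path.commonpath([str(base), str(candidate)]) != str(base):
        raise UnsafeSourceError("resolved path escapes base directory")
    return str(candidate)


# Patterns worth flagging in WAF or application logs for this parameter.
_SUSPICIOUS = [
    (re.compile(r"\.\.(/|\\|%2f|%5c)", re.I), "dot-dot traversal"),
    (re.compile(r"^(php|file|data|phar|expect)://", re.I), "stream wrapper"),
    (re.compile(r"%00|\x00"), "NUL byte"),
    (re.compile(r"^(/|[a-z]:\\)", re.I), "absolute path"),
]


def flag_suspicious_source(value: str):
    """Return a short reason if a 'source' value looks like an inclusion attempt, else None."""
    for pattern, reason in _SUSPICIOUS:
        if pattern.search(value):
            return reason
    if value not in ALLOWED_PARTIALS:
        return "not an allowlisted partial"
    return None


if __name__ == "__main__":
    # Constructed sample values, as they might appear in a WAF log of POST bodies to admin-ajax.php.
    samples = ["heading-box", "../../../../outside", "php://input", "options", "unknown-partial"]
    for s in samples:
        print(f"{s!r:28} -> flag: {flag_suspicious_source(s)}")
        try:
            print("   resolves to", resolve_partial("./partials", s))
        except UnsafeSourceError as exc:
            print("   rejected:", exc)
```

The allowlist alone already closes the hole; the containment check is kept as defence in depth so that a later change to accept free-form names cannot silently reintroduce traversal. The classifier is deliberately strict (anything outside the allowlist is reported) because for this endpoint a legitimate request should only ever carry one of the known partial names.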
Exploiting this vulnerability can have several serious effects: unauthorized access to sensitive data and files on the server, execution of malicious scripts, and potentially full control of the affected server. Exploitation can lead to data breaches and to loss of confidentiality and integrity of information stored on the WordPress site. Attackers may use this foothold to launch further attacks against internal networks or other connected systems. The compromise of a WordPress server through this plugin can have cascading effects, disrupting business operations and causing significant reputational damage.
REFERENCES
- https://plugins.trac.wordpress.org/browser/chart-builder/tags/2.9.6/admin/partials/charts/actions/chart-builder-charts-actions-options.php?rev=3184238
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d4837258-c749-4194-926c-22b67e20c1fc?source=cve
- https://github.com/RandomRobbieBF/CVE-2024-10571
- https://nvd.nist.gov/vuln/detail/CVE-2024-10571