CVE-2024-3136 Scanner
CVE-2024-3136 scanner - Local File Inclusion (LFI) vulnerability in MasterStudy LMS plugin for WordPress
Short Info
- Level: Critical
- Single Scan: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 1 month 2 days
- Scan only one: Domain, IPv4, Subdomain
- Toolbox: -
MasterStudy LMS is a popular learning management system plugin for WordPress, utilized by educators and institutions to create and manage online courses. It provides various tools for creating interactive lessons, quizzes, and multimedia content. Administrators and instructors use it to facilitate learning, track student progress, and enhance the educational experience. The software integrates seamlessly with WordPress, making it a flexible and widely adopted solution. Its user-friendly interface and robust features support a wide range of e-learning scenarios.
The Local File Inclusion (LFI) vulnerability in the MasterStudy LMS plugin, in versions up to and including 3.3.3, allows unauthenticated attackers to include and execute arbitrary files on the server. The vulnerability is caused by improper handling of the 'template' parameter. Exploiting this flaw can lead to unauthorized file access, data leakage, and potential code execution. The critical nature of this issue necessitates immediate attention and remediation.
The MasterStudy LMS plugin's 'template' parameter is vulnerable to Local File Inclusion (LFI) attacks. An attacker can exploit this by manipulating the 'template' parameter in HTTP requests, allowing the inclusion of arbitrary files from the server's file system. This can bypass access controls and execute PHP code from included files. The vulnerability affects all versions up to and including 3.3.3. The endpoint '/wp-admin/admin-ajax.php' and the parameter 'template' are specifically targeted in this attack vector.
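A defender-side check for the request pattern described above, as an added example (not S4E's scanner code and not the plugin's own code): it flags 'template' values sent to '/wp-admin/admin-ajax.php' that try to leave the template directory. The sample requests and the `example_action` name are constructed, and the escape heuristics are assumptions rather than the plugin's actual validation.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"  # endpoint named on this page
MAX_DECODE_ROUNDS = 3  # unwrap double or triple URL-encoding

# Constructed sample requests (method, URL, form body); "example_action" is a placeholder.
SAMPLE = [
    ("POST", AJAX_PATH, "action=example_action&template=components/course/card"),
    ("POST", AJAX_PATH, "action=example_action&template=..%252F..%252Foutside%252Ffile"),
    ("GET", AJAX_PATH + "?action=example_action&template=%2Fvar%2Foutside%2Ffile", ""),
    ("GET", "/index.php?template=../not-the-ajax-endpoint", ""),
]

def fully_decode(value):
    """Percent-decode repeatedly so nested encodings cannot hide a '../'."""
    for _ in range(MAX_DECODE_ROUNDS):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def template_findings(value):
    """Return reasons a 'template' value looks like an escape from the template directory."""
    v = fully_decode(value).replace("\\", "/")
    checks = [
        ("parent-directory segment", ".." in v.split("/")),
        ("absolute path", v.startswith("/") or bool(re.match(r"[A-Za-z]:/", v))),
        ("null byte", "\x00" in v),
        ("URL scheme or stream wrapper", bool(re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", v))),
    ]
    return [reason for reason, hit in checks if hit]

def scan_request(method, url, body=""):
    """Check query-string and form-body 'template' parameters of one admin-ajax.php request."""
    parts = urlsplit(url)
    if parts.path != AJAX_PATH:
        return []
    params = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        params += parse_qsl(body, keep_blank_values=True)
    return [r for name, value in params if name == "template" for r in template_findings(value)]

if __name__ == "__main__":
    for method, url, body in SAMPLE:
        print(method, url, body, "->", scan_request(method, url, body) or "ok")
```

Default web server access logs do not record POST bodies, so this check needs input from a WAF, reverse proxy, or request-logging layer that captures form fields.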
Exploiting this vulnerability can lead to severe consequences, including unauthorized access to sensitive files, execution of arbitrary code on the server, and privilege escalation. Attackers can potentially gain control over the affected system, steal confidential data, and disrupt services. The ability to execute arbitrary PHP code can further be leveraged to install backdoors, exfiltrate data, and compromise the entire WordPress installation.
By using the S4E platform, you gain comprehensive protection for your digital assets. Our platform continuously scans for vulnerabilities, ensuring your systems remain secure against the latest threats. Detailed reports and actionable insights help you understand and mitigate risks effectively. Joining our platform provides you with the tools and support needed to maintain robust cybersecurity defenses. Secure your digital landscape today with S4E's expert solutions.
References:
- https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/helpers.php
- https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/templates.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=cve
- https://github.com/drdry2/CVE-2024-3136-Wordpress-RCE
- https://github.com/nomi-sec/PoC-in-GitHub