CVE-2024-9047 Scanner
CVE-2024-9047 Scanner - Arbitrary File Read vulnerability in WordPress File Upload
Short Info
Level: Critical
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 16 days 20 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
The WordPress File Upload plugin is a widely used tool for adding file upload capabilities to WordPress websites. It is particularly valued for its flexibility and ease of use, enabling site administrators to allow visitors to upload files securely. This plugin is often adopted by businesses and developers to enhance functionality on WordPress platforms.
This vulnerability allows unauthenticated attackers to read arbitrary files from the server through the `wfu_file_downloader.php` script shipped with WordPress File Upload, in all plugin versions up to and including 4.24.11. Exploitation requires the site to run on PHP 7.4 or earlier; installations on newer PHP releases are not exploitable according to the advisory, but they still carry the flawed code and should be updated. The fix is the plugin changeset linked under References, so any version later than 4.24.11 is patched.
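Two conditions decide whether a site falls inside the affected window: the plugin version (4.24.11 or older) and the PHP version (7.4 or older). The following is an added example, not the scanner's own code and not code from the plugin. It assumes the plugin's public readme.txt (WordPress plugins ship one carrying a "Stable tag:" line) has already been fetched from `/wp-content/plugins/wp-file-upload/readme.txt`, and that the server's PHP version was obtained separately (an `X-Powered-By` header or a host inventory). The sample readme strings are constructed.

```python
"""Exposure check for CVE-2024-9047: plugin <= 4.24.11 and PHP <= 7.4.

Added example, not the scanner's or the plugin's own code. Assumes the plugin
readme.txt has already been fetched from
/wp-content/plugins/wp-file-upload/readme.txt and that the PHP version is
known from some other source (X-Powered-By header, host inventory).
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

LAST_VULNERABLE = (4, 24, 11)   # from the advisory: up to and including 4.24.11
PHP_CEILING = (7, 4)            # exploitation requires PHP 7.4 or earlier


def parse_version(text: str) -> Version:
    """'4.24.11' -> (4, 24, 11). Numeric tuples compare correctly where a
    string comparison would not (e.g. '4.24.2' vs '4.24.11')."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)


def version_le(a: Version, b: Version) -> bool:
    """a <= b, with missing trailing components treated as zero."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) <= b + (0,) * (n - len(b))


def stable_tag(readme: str) -> Optional[str]:
    """Extract the 'Stable tag:' value from a plugin readme.txt, if present."""
    m = re.search(r"^Stable tag:\s*([\w.\-]+)", readme, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def assess(readme: str, php_version: Optional[str]) -> dict:
    """Return a verdict dict. 'exploitable' is None when the data is not
    sufficient to decide, so a caller cannot mistake 'unknown' for 'safe'."""
    tag = stable_tag(readme)
    if tag is None or tag.lower() == "trunk":
        return {"plugin_version": tag, "vulnerable_version": None,
                "exploitable": None, "reason": "plugin version not determinable"}
    vulnerable = version_le(parse_version(tag), LAST_VULNERABLE)
    if not vulnerable:
        return {"plugin_version": tag, "vulnerable_version": False,
                "exploitable": False, "reason": "plugin newer than 4.24.11"}
    if php_version is None:
        return {"plugin_version": tag, "vulnerable_version": True,
                "exploitable": None, "reason": "vulnerable plugin; PHP version unknown"}
    php_old = version_le(parse_version(php_version)[:2], PHP_CEILING)
    return {"plugin_version": tag, "vulnerable_version": True,
            "exploitable": php_old,
            "reason": "PHP <= 7.4" if php_old else "PHP above 7.4: not exploitable per advisory, still update"}


# Constructed sample readmes (not real files fetched from any site).
VULN_README = "=== WordPress File Upload ===\nStable tag: 4.24.11\n"
PATCHED_README = "=== WordPress File Upload ===\nStable tag: 4.24.12\n"

if __name__ == "__main__":
    for readme, php in ((VULN_README, "7.4.33"), (VULN_README, "8.2.4"),
                        (PATCHED_README, "7.4.33"), (VULN_README, None)):
        print(assess(readme, php))
```

The three-state verdict matters in practice: a scanner that cannot read the PHP version should report the plugin as vulnerable-but-unconfirmed rather than silently marking the host clean.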
The root cause is a path traversal flaw in the plugin's file download handler: user-controlled input is built into a filesystem path without adequate sanitization, so a crafted request to the `wfu_file_downloader.php` endpoint (a standalone script under the plugin directory, reachable directly rather than through an authenticated WordPress page) can read files outside the intended upload directory, including system files such as `/etc/passwd`. Because the script is reachable without authentication, the only preconditions are a vulnerable plugin version and PHP 7.4 or earlier.
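Because the endpoint is unauthenticated, the web server access log is usually the only record of an attempt. The detection below is an added example, not the scanner's or the plugin's code. It assumes the Apache/nginx "combined" log format and flags any query parameter sent to `wfu_file_downloader.php` whose decoded value leaves a relative base directory; the parameter name is deliberately not assumed, so every parameter is examined. The log lines are constructed, and the `file` parameter name in them is only part of that constructed sample.

```python
"""Detection of CVE-2024-9047 traversal attempts in web-server access logs.

Added example, not the scanner's or the plugin's code. Assumes combined log
format; does not assume the query parameter name. Sample log lines are
constructed for this example.
"""
import re
from typing import Dict, List
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/wfu_file_downloader.php"   # standalone script in the plugin directory

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: one successful read, one benign download, one
# double-encoded attempt that failed, one unrelated request.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2024:12:00:01 +0000] "GET /wp-content/plugins/wp-file-upload/wfu_file_downloader.php?file=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1893 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Oct/2024:12:00:02 +0000] "GET /wp-content/plugins/wp-file-upload/wfu_file_downloader.php?file=report.pdf HTTP/1.1" 200 40213 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2024:12:00:03 +0000] "GET /wp-content/plugins/wp-file-upload/wfu_file_downloader.php?file=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 404 0 "-" "curl/8.0"',
    '192.0.2.5 - - [10/Oct/2024:12:00:04 +0000] "GET /wp-content/uploads/../index.php HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding (%252e -> %2e -> .), a common filter bypass."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def climbs_out(value: str) -> bool:
    """True if the decoded value escapes a relative base directory: a '..'
    that rises above the start, an absolute path where a file name is
    expected (heuristic), or an embedded null byte (historical
    path-truncation trick, still worth flagging)."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v or v.startswith("/"):
        return True
    depth = 0
    for seg in v.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def scan_log(lines: List[str]) -> List[Dict]:
    """Return one finding per suspicious parameter sent to the vulnerable endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith(ENDPOINT):
            continue
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            if climbs_out(raw):
                findings.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "param": name,
                    "decoded": fully_decode(raw),
                    "status": int(m.group("status")),
                    # a 200 with a non-empty body is the signal for a likely successful read
                    "likely_success": m.group("status") == "200" and m.group("size") not in ("0", "-"),
                })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Treat any `likely_success` hit as a confirmed disclosure of the named file and rotate whatever it contained; a 404 or 500 on the same pattern still identifies a source worth blocking.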
Successful exploitation discloses sensitive files to unauthenticated users: `wp-config.php` (database credentials and authentication salts), other configuration files, and user data, any of which can be leveraged to compromise the site further, disrupt services, or exfiltrate data. The risk is critical for sites still running PHP 7.4 or earlier, a branch that no longer receives security fixes. Remediation is to update the plugin to a version later than 4.24.11; moving to a supported PHP release is worthwhile defense in depth but does not replace the update.
REFERENCES
- https://github.com/iSee857/CVE-2024-9047-PoC
- https://nvd.nist.gov/vuln/detail/cve-2024-9047
- https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload
- https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve
- https://github.com/wy876/POC
- https://www.usom.gov.tr/bildirim/tr-24-1670
- https://sploitus.com/exploit?id=3358E6CC-BC63-56E4-A4C4-1F70903C34D5