RCE Exploit for WordPress Plugin Media-Library Plugin < 3.10 (CVE-2023-4634)
Info
Patrowl discovered an unauthenticated RCE vulnerability in the Media-Library-Assistant WordPress plugin in versions < 3.10. The exploit is not trivial and requires just a little setup, explained below.
The full discovery and exploitation write-up can be found on our blog: https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
Prerequisites for exploitation
- WordPress installed (all versions will work)
- Media-Library-Assistant in version < 3.10 (https://fr.wordpress.org/plugins/media-library-assistant/)
- Imagick libraries installed on the server
- Default Imagick configuration
- External network connectivity
Detection
The vulnerability can be detected with a basic DNS check against a remote FTP server. The Nuclei template can be found in: CVE-2023-4634.yam
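For hosts you administer, the version prerequisite listed above can also be checked locally, without any network interaction. The script below is an added example, not part of Patrowl's repository; it assumes the plugin is installed under `wp-content/plugins/media-library-assistant` and ships the standard wordpress.org `readme.txt` with a `Stable tag:` header, and the function names and sample trees are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

FIXED = (3, 10)                   # from the page: versions < 3.10 are affected
SLUG = "media-library-assistant"  # slug from the wordpress.org URL on the page


def parse_version(text):
    """Parse '3.09' or '3.10.1' into a tuple of ints; None if not numeric."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def status(wp_root):
    """Classify one WordPress root (assumed layout: wp-content/plugins/<slug>)."""
    readme = Path(wp_root) / "wp-content" / "plugins" / SLUG / "readme.txt"
    if not readme.is_file():
        return "not-installed"
    m = re.search(r"^Stable tag:\s*(\S+)",
                  readme.read_text(errors="replace"), re.M | re.I)
    version = parse_version(m.group(1)) if m else None
    if version is None:
        return "unknown"          # e.g. 'Stable tag: trunk' or header missing
    # Compare per component as integers, never as strings or floats.
    return "affected" if version < FIXED else "not-affected"


def demo():
    """Build constructed WordPress trees in a temp dir and classify each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for tag in ("3.09", "3.10", "3.11", "trunk"):
            plugin = Path(tmp) / tag / "wp-content" / "plugins" / SLUG
            plugin.mkdir(parents=True)
            (plugin / "readme.txt").write_text(
                f"=== Media Library Assistant ===\nStable tag: {tag}\n")
            results[tag] = status(Path(tmp) / tag)
        results["absent"] = status(Path(tmp) / "no-such-site")
    return results


if __name__ == "__main__":
    # With an argument: audit that WordPress root. Without: run the demo.
    print(status(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

A result of `affected` only confirms the version prerequisite; the Imagick prerequisites from the list above still have to be checked separately on the server.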