Path Traversal Vulnerability in System Dashboard Plugin for WordPress
CVE-2024-10708

Currently unrated

Key Information:

Vendor
Wordpress
Status
System Dashboard
Vendor
CVE Published:
10 December 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

The System Dashboard WordPress plugin, prior to version 2.8.15, is susceptible to a critical path traversal vulnerability. This flaw stems from inadequate validation of user input used in file paths. As a result, high privilege users, including administrators, can exploit this weakness to perform path traversal attacks, potentially reading sensitive and arbitrary files on the server. Website administrators are strongly encouraged to upgrade their plugin to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

System Dashboard 0 < 2.8.15

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-10708 - Proof of Concept

References

https://wpscan.com/vulnerability/61d750a5-8c2c-4c94-a1a9-...
exploitvdb-entrytechnical-description

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dogus DEMIRKIRAN
WPScan
.