File with Dangerous Type Vulnerability Leads to Code Injection
CVE-2024-43160
10CRITICAL
Key Information:
- Vendor
- BerqWP
- Status
- BerqWP
- Vendor
- CVE Published:
- 13 August 2024
Badges
πΎ Exploit Existsπ‘ Public PoC
Summary
The BerqWP Plugin is susceptible to an unrestricted file upload vulnerability that can be exploited for code injection. This issue allows attackers to upload malicious files, potentially compromising the security of the server hosting the web application. Users of the BerqWP Plugin, particularly versions prior to 1.7.6, should implement immediate measures to secure their installations against this vulnerability to prevent unauthorized access and data breaches.
Affected Version(s)
BerqWP <= 1.7.6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Dave Jong (Patchstack)