Susceptible to Remote Code Execution via Log Poisoning
CVE-2024-6451
Currently unrated
Key Information:
Badges
πΎ Exploit Existsπ‘ Public PoC
Summary
AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php.
Affected Version(s)
AI Engine 0 < 2.5.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Karolis Narvilas
WPScan