← volver
CVE-2021-24453

Include Me <= 1.2.1 - Authenticated Remote Code Execution (RCE) via LFI log poisoning

EPSS 5.0%CWE-22
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 5.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 jul 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure
Productos afectados
Unknown · Include Me

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/78575072-4e04-4a8a-baec-f313cfffe829