← volver
CVE-2024-6460

Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI

CVSS 9.8 CRITICALEPSS 4.8%
The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Unknown · Grow by Tradedoubler
PoCs públicas encontradas3
githubgithub.com/Nxploited/CVE-2024-64600githubgithub.com/E1-Bot141/CVE-2024-64600cve_referencewpscan.com/vulnerability/ba2f53e0-30be-4f37-91bc-5fa151f1eee7/no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/ba2f53e0-30be-4f37-91bc-5fa151f1eee7/