Description
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on the file paths supplied to the 'mla_stream_file' parameter of the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that make directory listing, local file inclusion, and remote code execution possible.
Exploits (3)
Nuclei Templates (1)
Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion
Severity: CRITICAL (verified), by Pepitoh, ritikchaddha
Shodan:
http.html:wp-content/plugins/media-library-assistant
FOFA:
body=wp-content/plugins/media-library-assistant
References (5)
Scores
CVSS v3
9.8
EPSS
0.9206
EPSS Percentile
99.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck KEV
2023-12-04
CWE
CWE-73
Status
published
Products (2)
davidlingren/media_library_assistant
< 3.10
dglingren/Media Library Assistant
< 3.09
Published
Sep 06, 2023
Tracked Since
Feb 18, 2026