CVE-2024-32523

HIGH

EverPress Mailster <4.0.6 - Path Traversal

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-32523. PoCs published by tucommenceapousser.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2024-32523, an unauthenticated Local File Inclusion vulnerability in Mailster <= 4.0.6. It includes steps to reproduce the vulnerability, affected files (form.php and cron.php), and prerequisites such as specific PHP configurations.

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster. This issue affects Mailster: from n/a through <= 4.0.6.

Exploits (1)

nomisec WRITEUP
by tucommenceapousser · poc
https://github.com/tucommenceapousser/CVE-2024-32523-Poc

Classification: Writeup 90%
Attack Type: LFI
Complexity: Moderate
Reliability: Reliable
Target: Mailster - Email Newsletter Plugin for WordPress <= 4.0.6
No auth needed
Prerequisites: PHP configuration with FTP support and allow_url_include enabled · Access to an FTP server to host malicious files
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.1
EPSS 0.5312
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-98
Status published
Products (1)
EverPress/Mailster < 4.0.6
Published May 17, 2024
Tracked Since Feb 18, 2026