The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Metrics
Affected Vendors & Products
References
History
Tue, 19 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:ays-pro:chartify:*:*:*:*:free:wordpress:*:* |
Thu, 14 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ays-pro
Ays-pro chartify |
|
CPEs | cpe:2.3:a:ays-pro:chartify:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ays-pro
Ays-pro chartify |
|
Metrics |
ssvc
|
Thu, 14 Nov 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |
Title | Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source | |
Weaknesses | CWE-98 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-14T11:00:12.910Z
Updated: 2024-11-14T19:33:58.060Z
Reserved: 2024-10-30T22:27:57.315Z
Link: CVE-2024-10571
Vulnrichment
Updated: 2024-11-14T19:07:40.574Z
NVD
Status : Analyzed
Published: 2024-11-14T11:15:04.630
Modified: 2024-11-19T15:46:52.187
Link: CVE-2024-10571
Redhat
No data.