CVE-2024-27971 WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion

truonghuuphuc/CVE-2024-27971-Note

CVE-2024-27971-Note

WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion.

Advisory: https://patchstack.com/database/vulnerability/woo-permalink-manager/wordpress-premmerce-permalink-manager-for-woocommerce-plugin-2-3-10-local-file-inclusion-vulnerability

  1. I diffed woo-permalink-manager.2.3.10 against woo-permalink-manager.2.3.11.

  2. File: src\Admin\Admin.php => function options() calls function includeTemplate (vendor\premmerce\wordpress-sdk\src\V2\FileManager\FileManager.php).

  3. File: vendor\premmerce\wordpress-sdk\src\V2\FileManager\FileManager.php => function includeTemplate calls function locateTemplate.

  4. File: views\admin\main.php
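
One way to constrain a template lookup like the options() => includeTemplate => locateTemplate chain above, as an added example that is not the plugin's code or its 2.3.11 patch: the request supplies only a key, and the resolved path must stay inside the views directory. The names resolveTemplate and ALLOWED_VIEWS, the `section` parameter and the sample file names are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not the plugin's or the SDK's code.

/** Request-selectable keys mapped to template files (constructed sample values). */
const ALLOWED_VIEWS = [
    'settings' => 'admin/tabs/settings.php',
    'contact'  => 'admin/tabs/contact.php',
];

/**
 * Resolve a key from the request to a template path inside $viewsDir.
 * Returns null when the key is unknown or the file resolves outside $viewsDir.
 */
function resolveTemplate(string $viewsDir, string $key): ?string
{
    // 1. Allow-list: the request picks a key, never a path fragment.
    if (!array_key_exists($key, ALLOWED_VIEWS)) {
        return null;
    }

    $base = realpath($viewsDir);
    if ($base === false) {
        return null;
    }

    // 2. Canonicalise so that symlinks and ../ are resolved before the check.
    $path = realpath($base . DIRECTORY_SEPARATOR . ALLOWED_VIEWS[$key]);
    if ($path === false || !is_file($path)) {
        return null;
    }

    // 3. Containment: the canonical path must stay under the views directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Usage in an admin page callback (hypothetical): unknown keys fall back to a fixed default.
$key = isset($_GET['section']) && is_string($_GET['section']) ? $_GET['section'] : 'settings';
$views = __DIR__ . '/views';
$template = resolveTemplate($views, $key) ?? resolveTemplate($views, 'settings');
if ($template !== null) {
    include $template;
}
```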

Build WordPress: docker-compose -f stack.yml up

Note: in WordPress, install the plugins Premmerce Permalink Manager for WooCommerce and WooCommerce.

  1. I use pearcmd.php to write pwn.php.

  2. Request pwn.php.
