CVE-2020-14479 – ICSA-20-147-01 Inductive Automation Ignition (Update B)
https://notcve.org/view.php?id=CVE-2020-14479
Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server. • https://www.cisa.gov/uscert/ics/advisories/icsa-20-147-01 • CWE-306: Missing Authentication for Critical Function •
CVE-2021-43996
https://notcve.org/view.php?id=CVE-2021-43996
The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control. • https://github.com/facade/ignition/compare/1.16.14...1.16.15 https://github.com/facade/ignition/compare/2.0.5...2.0.6 https://github.com/facade/ignition/pull/285 •
CVE-2021-24219 – All Thrive Themes and Plugins - Unauthenticated Option Update
https://notcve.org/view.php?id=CVE-2021-24219
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table. 
• https://wpscan.com/vulnerability/35acd2d8-85fc-4af5-8f6c-224fa7d92900 https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild • CWE-284: Improper Access Control CWE-306: Missing Authentication for Critical Function •
CVE-2021-24220 – All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
https://notcve.org/view.php?id=CVE-2021-24220
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file. This includes executable PHP files that contain malicious code.
• https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-3129 – Laravel Ignition File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2021-3129
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2. Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents(). • https://www.exploit-db.com/exploits/49424 https://github.com/zhzyker/CVE-2021-3129 https://github.com/SNCKER/CVE-2021-3129 https://github.com/joshuavanderpoll/CVE-2021-3129 https://github.com/SecPros-Team/laravel-CVE-2021-3129-EXP https://github.com/knqyf263/CVE-2021-3129 https://github.com/Y0s9/CVE-2021-3129 https://github.com/FunPhishing/Laravel-8.4.2-rce-CVE-2021-3129 https://github.com/Axianke/CVE-2021-3129 https://github.com/shadowabi/Laravel-CVE-2021-3129 •