How severe is CVE-2024-8392?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2024-8392?

This is classified as CWE-98, which is a common weakness in software security.

CVE-2024-8392 - HIGH Severity | CVSS 7.2

Vulnerability Description

The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.2 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This can also be exploited via CSRF techniques.

Related Vulnerabilities

CVE-2021-22968

HIGH

CVSS:7.2(High)

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature...

CWE-982021

CVE-2023-2551

HIGH

CVSS:7.2(High)

PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.

CWE-982023

CVE-2024-31459

HIGH

CVSS:7.2(High)

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilit...

CWE-982024

CVE-2024-35650

HIGH

CVSS:7.2(High)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue ...

CWE-982024

CVE-2024-51319

HIGH

CVSS:7.3(High)

A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell throug...

CWE-982024

CVE-2016-6565

HIGH

CVSS:7.5(High)

The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to...

CWE-982016