CVE-2024-3136 — AI Deep Analysis Summary

🚨 **Essence**: Local File Inclusion (LFI) via the `template` parameter.…

🛡️ **Root Cause**: CWE-98 (Improper Control of Filename for Include/Require).…

📦 **Affected**: WordPress Plugin **MasterStudy LMS**. <br>📉 **Versions**: **3.3.3 and earlier**. <br>🏢 **Vendor**: stylemix.

🕵️ **Attacker Capabilities**: <br>1️⃣ Execute arbitrary PHP code (RCE). <br>2️⃣ Read sensitive server files. <br>3️⃣ Bypass authentication/access controls. <br>4️⃣ Escalate privileges to full server control.

⚡ **Threshold**: **LOW**. <br>🔓 **Auth**: **Unauthenticated** (No login required). <br>🌐 **Access**: Network accessible (AV:N). <br>🎯 **Complexity**: Low (AC:L).

🔥 **Exploits**: **YES**. <br>📂 **Public PoCs**: Available on GitHub (e.g., `drdry2`, `AlexDoe11`). <br>🤖 **Automation**: Nuclei templates exist for automated scanning.

🔍 **Self-Check**: <br>1️⃣ Scan for **MasterStudy LMS** version ≤ 3.3.3. <br>2️⃣ Use Nuclei template `CVE-2024-3136.yaml`. <br>3️⃣ Check if `template` parameter is unsanitized in requests.

🛠️ **Fix**: **YES**. <br>📝 **Patch**: Official changesets released by vendor (Trac changeset 3064337). <br>✅ **Action**: Update plugin to latest version immediately.

🚧 **No Patch?**: <br>1️⃣ **Disable** the plugin if not essential. <br>2️⃣ **WAF**: Block requests with suspicious `template` parameters. <br>3️⃣ **Restrict**: Limit file inclusion paths via server config.

🚨 **Urgency**: **CRITICAL**. <br>⚠️ **Priority**: **P1**. <br>📢 **Reason**: Unauthenticated RCE with public exploits. Immediate patching required to prevent server compromise.