AncoraThemes Impacto Patronus Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the AncoraThemes Impacto Patronus WordPress theme, affecting versions through 1.2.3. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion. Exploitation of this issue could enable a malicious actor to include local files from the target website and display their contents, potentially leading to a database takeover if sensitive files like database credentials are accessed.
Impact
Exploitation of this vulnerability could allow for local file inclusion, with the potential to access and display sensitive files such as database credentials. Depending on the website's configuration, this could lead to a complete takeover of the database.
Remediation
Users are advised to mitigate this vulnerability immediately. Patchstack has issued a mitigation rule to block attacks until an official patch is available. For more information on how to apply this mitigation, visit the Patchstack website.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.