15 matches found
CVE-2020-24186
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action...
Metasploit Wrap-Up
Containers that fail to Contain Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the work of Adam Iwaniuk that breaks out of a Docker container by overwriting the runc binary of an image which is run in the user context whenever someone outside the container runs docker...
WordPress wpDiscuz 7.0.4 Shell Upload Exploit
This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server. This module...
WordPress wpDiscuz 7.0.4 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress wpDiscuz Unauthenticated File Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in the WordPress...
WordPress wpDiscuz Unauthenticated File Upload Vulnerability
This module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions = 7.0.0 and use exploit/unix/webapp/wpwpdiscuzunauthenticatedfileupload msf exploitwpwpdiscuzunauthenticatedfileupload show targets ...targets... msf exploitwpwpdiscuzunauthenticatedfileupload set TARGET msf...
CVE-2020-24186
creationtimestamp| type| source ---|---|--- 2021-06-25 21:29:57+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wpwpdiscuzunauthenticatedfileupload.rb 2022-04-06 13:34:15+00:00| published-proof-of-concept| https://t.me/intelexch/11722 2022-06-2...
Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz
POC CVE-2020-24186-wpDiscuz-7.0.4-RCE WordPress wpDiscuz 7.0...
Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz
POC CVE-2020-24186-wpDiscuz-7.0.4-RCE WordPress wpDiscuz 7.0...
WordPress wpDiscuz 7.0.4 Plugin - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution Unauthenticated Exploit Author: Fellipe Oliveira Vendor Homepage: https://gvectors.com/ Software Link: https://downloads.wordpress.org/plugin/wpdiscuz.7.0.4.zip Version: wpDiscuz 7.0.4 Tested on: Debian9, Windows 7, Windows 10...
WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution (Unauthenticated)
Exploit Title: WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution Unauthenticated Date: 2021/06/08 Exploit Author: Fellipe Oliveira Vendor Homepage: https://gvectors.com/ Software Link: https://downloads.wordpress.org/plugin/wpdiscuz.7.0.4.zip Version: wpDiscuz 7.0.4 Tested on: Debian9,...
Wordpress wpDiscuz 7.0.4 Plugin - Arbitrary File Upload (Unauthenticated) Exploit
Exploit Title: Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload Unauthenticated Google Dork: inurl:/wp-content/plugins/wpdiscuz/ Original Author: Chloe Chamberland Exploit Author: Juampa Rodríguez aka UnD3sc0n0c1d0 Vendor Homepage: https://gvectors.com/ Software Link:...
Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)
Exploit Title: Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload Unauthenticated Google Dork: inurl:/wp-content/plugins/wpdiscuz/ Date: 2021-06-06 Original Author: Chloe Chamberland Exploit Author: Juampa Rodríguez aka UnD3sc0n0c1d0 Vendor Homepage: https://gvectors.com/ Software Link:...
WordPress wpDiscuz 7.0.4 Shell Upload
Exploit Title: Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload Unauthenticated Google Dork: inurl:/wp-content/plugins/wpdiscuz/ Date: 2021-06-06 Original Author: Chloe Chamberland Exploit Author: Juampa Rodríguez aka UnD3sc0n0c1d0 Vendor Homepage: https://gvectors.com/ Software Link:...
CVE-2020-24186
CVE-2020-24186 affects the WordPress wpDiscuz plugin (versions 7.0.0 through 7.0.4). The flaw allows unauthenticated attackers to upload arbitrary files via the wmuUploadFiles AJAX action, enabling remote code execution (RCE) by uploading PHP content. Public exploits and PoCs in the connected doc...
CVE-2020-24186
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. Recent assessments: noraj at June 25, 2021 8:12am UTC reported: This...