970 matches found

Wordfence Blog
added 2023/07/12 1:07 p.m. · 34 views

Interesting Arbitrary File Upload Vulnerability Patched in User Registration WordPress Plugin

On June 19, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary File Upload vulnerability in WPEverest’s User Registration plugin, which is actively installed on more than 60,000 WordPress websites. This vulnerability makes it...

CVSS 6.5 · AI score 7.6 · EPSS 0.01454
Exploits 2
Veracode
added 2023/06/28 7:25 a.m. · 16 views

Arbitrary File Upload

feehi/feehicms is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate uploaded files, which allows an attacker to execute arbitrary code through the /admin/index.php?r=admin-user%2Fupdate-self endpoint...

CVSS 9.8 · AI score 7.8 · EPSS 0.01314
Exploits 1 · References 3 · Affected Software 1
Prion
added 2023/06/27 2:15 p.m. · 16 views

Deserialization of untrusted data

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...

CVSS 6.5 · AI score 8.9 · EPSS 0.04824
Exploits 2 · References 2 · Affected Software 1
CVE
added 2023/06/27 1:17 p.m. · 221 views

CVE-2023-2996

Jetpack WordPress plugin (versions prior to 12.1.1) is affected by a vulnerability where uploaded files are not validated. This allows users with author roles or higher to manipulate existing files, delete arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. ...

CVSS 8.8 · AI score 9 · EPSS 0.04824
Exploits 2 · References 2 · Affected Software 1
WPVulnDB
added 2023/06/16 12:00 a.m. · 17 views

Unlimited Elements For Elementor < 1.5.67 - Contributor+ Arbitrary File Upload

The plugin does not validate files in its file manager feature, allowing users with a role of contributor and above to upload arbitrary files...

CVSS 8.8 · AI score 7 · EPSS 0.01308
Exploits 0 · Affected Software 1
Packet Storm
added 2023/06/16 12:00 a.m. · 331 views

Online Art Gallery Project 1.0 Arbitrary File Upload

Exploit Title: Online Art gallery project 1.0 - Arbitrary File Upload Unauthenticated Google Dork: n/a Date: 14/06/2023 Exploit Author: Ramil Mustafayev Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://github.com/projectworlds32/Art-Gallary-php/archive/master.zip...

AI score 7.1
Exploits 0
Exploit DB
added 2023/06/15 12:00 a.m. · 291 views

Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)

Exploit Title: Online Art gallery project 1.0 - Arbitrary File Upload Unauthenticated Google Dork: n/a Date: 14/06/2023 Exploit Author: Ramil Mustafayev Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://github.com/projectworlds32/Art-Gallary-php/archive/master.zip...

AI score 7.4
Exploits 0
CVE
added 2023/06/12 12:00 a.m. · 63 views

CVE-2023-33253

LabCollector 6.0–6.15 is affected by CVE-2023-33253. The issue is in the message function and stems from insufficient validation of uploaded files (e.g., shell.jpg.php.shell), allowing an authenticated remote low-privileged user to upload an executable PHP file and execute system commands (remote...

CVSS 8.8 · AI score 8.9 · EPSS 0.02507
Exploits 2 · References 3 · Affected Software 1
CNNVD
added 2023/06/07 12:00 a.m. · 2 views

WordPress Plugin Delete All Comments Code Issue Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. A WordPress plugin is an application...

CVSS 9.8 · AI score 8.5 · EPSS 0.02326
Exploits 1 · References 5
Positive Technologies
added 2023/06/07 12:00 a.m. · 5 views

PT-2023-15935 · WordPress · Adsanity

Name of the Vulnerable Software and Affected Versions: AdSanity plugin for WordPress versions up to, and including, 1.8.1 Description: The issue is related to missing file type validation in the ajax upload function, allowing authenticated attackers with Contributor+ level privileges to upload...

CVSS 8.8 · AI score 8.7 · EPSS 0.02196
Exploits 1 · References 8
Veracode
added 2023/06/04 11:56 p.m. · 25 views

Arbitrary Code Execution

textlive is vulnerable to Arbitrary Code Execution. The vulnerability exists because the TeX file was not properly validated, which allowed an attacker to have untrusted input executed on the system...

CVSS 7.8 · AI score 7.3 · EPSS 0.00804
Exploits 0 · References 10 · Affected Software 1
CNNVD
added 2023/06/02 12:00 a.m. · 2 views

Advantech WebAccess/SCADA Code Issue Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An arbitrary file upload vulnerability exists i...

CVSS 7.2 · AI score 7.4 · EPSS 0.0083
Exploits 0 · References 4
WPVulnDB
added 2023/05/30 12:00 a.m. · 39 views

Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API

The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. PoC curl --json ' "media": "tmpname": "/WPCONTENTPATH/wp-config.php"...

CVSS 8.8 · AI score 9.3 · EPSS 0.04824
Exploits 2 · References 1 · Affected Software 1
CNVD
added 2023/05/19 12:00 a.m. · 10 views

Simple Photo Gallery Arbitrary File Upload Vulnerability

Simple Photo Gallery is a simple gallery web application. An arbitrary file upload vulnerability exists in Simple Photo Gallery v1.0, which stems from the application's lack of validation of uploaded files. The vulnerability can be exploited to remotely execute arbitrary code by uploading malicio...

CVSS 9.8 · AI score 7.5 · EPSS 0.0072
Exploits 0 · References 1
RedhatCVE
added 2023/05/17 5:28 a.m. · 34 views

CVE-2023-32981

A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing "dot dot" sequences /../ to create o...

CVSS 8.8 · AI score 6.7 · EPSS 0.01016
Exploits 0 · References 4
NVD
added 2023/05/15 1:15 p.m. · 15 views

CVE-2023-2180

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server...

CVSS 7.5 · AI score 7.7 · EPSS 0.00866
Exploits 2 · References 1
Veracode
added 2023/05/11 5:53 a.m. · 23 views

Remote Code Execution (RCE)

torfs-ict/cmsms is vulnerable to Remote Code Execution. The vulnerability exists because the library does not properly validate uploaded files, allowing an attacker to upload and execute a malicious file...

CVSS 7.2 · AI score 7.3 · EPSS 0.01294
Exploits 1 · References 3 · Affected Software 1
WPVulnDB
added 2023/05/10 12:00 a.m. · 12 views

Directorist < 7.5.4 - Admin+ LFI

The plugin is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. PoC This PoC will work on Linux systems. 1. Navigate to the URL path: /wp-admin/edit.php?posttype=atbizdir=tools=2=/etc/passwd=; 2. You will be presented with the first couple...

AI score 8.9 · EPSS 0.01313
Exploits 2 · Affected Software 1
Veracode
added 2023/05/09 6:36 a.m. · 22 views

Arbitrary File Upload

kiwitcms is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate files uploaded, allowing an attacker to bypass the file upload restrictions by uploading a malicious .exe file or embedded JavaScript file, tricking people into clicking on the...

CVSS 9 · AI score 8.5 · EPSS 0.01024
Exploits 1 · References 6 · Affected Software 1
CNVD
added 2023/05/08 12:00 a.m. · 11 views

Textpattern CMS Arbitrary File Upload Vulnerability (CNVD-2023-36289)

Textpattern CMS is a PHP-based content management system from the Textpattern team. An arbitrary file upload vulnerability exists in Textpattern CMS version v4.8.8. The vulnerability stems from the application's lack of effective validation of uploaded files. An attacker can exploit the...

CVSS 8.8 · AI score 7.5 · EPSS 0.0111
Exploits 1 · References 1