4 matches found
WordPress Holding Pattern Theme Arbitrary File Upload
This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'socket' class Metasploit3 'WordPress Holding Pattern Theme Arbitrary File Upload', 'Description' = %q This module exploits a file upload...
WordPress Holding Pattern Theme Arbitrary File Upload
This module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the uploadfile.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web...
CVE-2015-1172
The CVE-2015-1172 entry describes an Unrestricted File Upload vulnerability in WordPress Holding Pattern Theme (Holding Pattern) 0.6 and earlier, due to a faulty admin/upload-file.php that permits uploading PHP files without validation. A remote attacker can upload a PHP payload and trigger arbit...
CVE-2015-1172
creationtimestamp| type| source ---|---|--- 2015-02-11 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41698 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wpholdingpatternfileupload.rb 2025-02-06...