Lucene search
K

7 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/07/28 5:25 p.m.61 views

Metasploit Weekly Wrap up

Unauthenticated RCE in VMware Product This week, community contributor h00die added an exploit module that leverages a command injection vulnerability in VMWare Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable CVE-2023-20887. A remote...

7.5CVSS9.6AI score0.98281EPSS
Exploits15
Circl
Circl
added 2023/07/25 2:31 p.m.16 views

CVE-2023-2068

creationtimestamp| type| source ---|---|--- 2023-07-25 14:31:21+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wppluginfmashortcodeunauthrce.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:50+00:00...

9.8CVSS9.3AI score0.3962EPSS
Exploits8References1
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.339 views

WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode', 'Description' = %q The Wordpress plug...

9.8CVSS7.1AI score0.3962EPSS
Exploits8
Vulnrichment
Vulnrichment
added 2023/06/27 1:17 p.m.15 views

CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

6.7AI score0.3962EPSS
Exploits8References2
Cvelist
Cvelist
added 2023/06/27 1:17 p.m.46 views

CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

9.7AI score0.3962EPSS
Exploits8References2
Patchstack
Patchstack
added 2023/06/27 12:0 a.m.25 views

WordPress File Manager Advanced Shortcode Plugin <= 2.3.2 is vulnerable to Remote Code Execution (RCE)

Software File Manager Advanced Shortcode Type Plugin Vulnerable versions = 2.3.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-2068 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f57871788c33 Credits Mateus Machado Tesser...

9.8CVSS7.1AI score0.3962EPSS
Exploits8References2Affected Software1
0day.today
0day.today
added 2023/06/06 12:0 a.m.352 views

File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution Exploit

Exploit Title: File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution RCE Exploit Author: Mateus Machado Tesser Vendor Homepage: https://advancedfilemanager.com/ Version: File Manager Advanced Shortcode 2.3.2 Tested on: Wordpress 6.1 / Linux Ubuntu 5.15 CVE: CVE-2023-2068...

9.8CVSS7.1AI score0.3962EPSS
Exploits8
Rows per page
Query Builder