wpexploit Dc11 WPEX-ID:C6597E36-02D6-46B4-89DB-52C160F418BE
History Sep 19, 2023 - 12:00 a.m.

Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload

2023-09-19 00:00:00
dc11
Tags: file upload, web developer, unauthenticated, php code, exploit, admin view, signature field, image tag

AI Score: 7.5 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 52.2%)

Description

The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files, which can lead to RCE.

On a page where there is a form with a Signature field, run the following code in the web developer console while unauthenticated, then submit the form:

jQuery('input[id^="signature-file-wdform_"]').val('data:image/php;base64,PD9waHAgZWNobyAiSGVsbG8gV29ybGQiOw==');

This creates the file /wp-content/uploads/form-maker/signatures/signature-<10 digit number generated with rand(10)>.php containing the PHP code echo "Hello World";. An attacker could either try to guess the pseudo-random part or wait until an admin views the submissions list, which calls the file via an image tag and runs the code.
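A server-side check of the kind the description says is missing, shown as an added example; it is not Form Maker's code or its actual fix. The function name save_signature, the PNG-only allowlist and the 512 KiB cap are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handler, not the plugin's code. Only MIME types listed here are
// accepted, and the file extension comes from this map, never from the input.
const SIGNATURE_TYPES = ['image/png' => ['png', IMAGETYPE_PNG]];

function save_signature(string $dataUri, string $dir): string
{
    // 1. Strict data-URI grammar: one MIME type, base64 payload, nothing else.
    if (!preg_match('#^data:([a-z]+/[a-z0-9.+-]+);base64,([A-Za-z0-9+/]+={0,2})$#D', $dataUri, $m)) {
        throw new InvalidArgumentException('malformed signature value');
    }
    [, $mime, $b64] = $m;
    if (!isset(SIGNATURE_TYPES[$mime])) {
        throw new InvalidArgumentException("type not allowed: $mime");
    }
    [$ext, $imageType] = SIGNATURE_TYPES[$mime];

    // 2. Strict base64 decode with a size cap (assumed limit: 512 KiB).
    $bytes = base64_decode($b64, true);
    if ($bytes === false || strlen($bytes) > 512 * 1024) {
        throw new InvalidArgumentException('invalid or oversized payload');
    }

    // 3. The decoded bytes must parse as the declared image type.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || $info[2] !== $imageType) {
        throw new InvalidArgumentException('payload is not a valid image');
    }

    // 4. Server-chosen name from a CSPRNG, extension fixed by the allowlist.
    $path = rtrim($dir, '/') . '/signature-' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (file_put_contents($path, $bytes, LOCK_EX) === false) {
        throw new RuntimeException('could not write signature file');
    }
    return $path;
}

// Demo with the value from the proof of concept above: it must be rejected.
$poc = 'data:image/php;base64,PD9waHAgZWNobyAiSGVsbG8gV29ybGQiOw==';
try {
    save_signature($poc, sys_get_temp_dir());
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because the extension is fixed by the allowlist, a file that passes the image check but carries extra bytes is still stored as .png; disabling PHP execution in the uploads directory at the web-server level covers the case where this check is bypassed or absent.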
