Lucene search
WpvulndbWPVDB-ID:53E47E67-C8C9-45A9-9A9C-DA52C37047BFHistoryMay 26, 2020 - 12:00 a.m.
Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass
2020-05-2600:00:00
wpscan.com
8
EPSS
0.975
Percentile
100.0%
Due to the plugin not properly checking the file being uploaded (via the dnd_codedropz_upload AJAX action), an attacker could bypass the checks in place and upload a PHP file. There was a working exploit provided along with this vulnerability. It also requires the Contact Form 7 plugin to be installed on the target machine.
PoC
https://github.com/amartinsec/CVE-2020-12800/blob/master/exploit.py
Related
checkpoint_advisories
checkpoint_advisories
WordPress Drag And Drop Plugin Remote Code Execution (CVE-2020-12800)
2020-06-10 00:00:00
WordPress Suspicious File Upload (CVE-2020-12800)
2016-05-09 00:00:00
nvd
nvd
CVE-2020-12800
2020-06-08 17:15:10
prion
prion
Unrestricted file upload
2020-06-08 17:15:00
wpexploit
wpexploit
nuclei
nuclei
WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
2021-08-23 23:27:51
patchstack
patchstack
githubexploit
githubexploit
metasploit
metasploit
Wordpress Drag and Drop Multi File Uploader RCE
2020-05-31 01:07:46
cve
cve
CVE-2020-12800
2020-06-08 17:15:10
zdt
zdt
WordPress Drag And Drop Multi File Uploader Remote Code Execution Exploit
2020-06-08 00:00:00
cvelist
cvelist
CVE-2020-12800
2020-06-08 16:25:13
packetstorm
packetstorm
WordPress Drag And Drop Multi File Uploader Remote Code Execution
2020-06-04 00:00:00
0daydb
0daydb
WordPress Drag And Drop Multi File Uploader Remote Code Execution
2020-06-06 15:13:28
openvas
openvas