Description

The plugin does not properly filter which file extensions are allowed to be imported on the server, allowing malicious code (for example a Phar file or an .htaccess file) to be uploaded inside a zip file and extracted into the web root.

Note: This must be tested on a web server running Apache. Typical Apache PHP configurations map .phar to the PHP handler alongside .php, and honour per-directory .htaccess overrides, which is why the uploaded file is executed rather than served.

1) Create a new post.
2) Add an e-Learning block to the post and upload a zip file containing a blank HTML file (e.g. main.html) and a Phar file named cmd.phar. In cmd.phar, add the contents ``. Malicious .htaccess files work too.
3) After uploading, browse to http://example.com//wp-content/uploads/articulate_uploads/__ZIP_NAME_HERE__/cmd.phar?cmd=ls
4) You will see a listing of the directory contents produced by the ls command.
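The missing check in the report is an extension filter applied to every zip entry before extraction. The following is an added example (not the plugin's own code) of what such a check looks like: it walks the archive's entry names, rejects path traversal, dotfiles such as .htaccess, and any filename segment that Apache may hand to a server-side handler (including double extensions like shell.php.html), and then requires the final extension to be on an allowlist. The archive contents and the allowlist are constructed for illustration; the cmd.phar payload is deliberately a placeholder.

```python
"""Allowlist check for a zip archive before it is extracted into a web root.

Added example, not code from the vulnerable plugin. The allowlist, the
denied segments and the sample archive are constructed assumptions.
"""
import io
import posixpath
import zipfile

# Hypothetical allowlist for an e-learning package: static web assets only.
ALLOWED_EXTENSIONS = {
    "html", "htm", "css", "js", "json", "xml",
    "png", "jpg", "jpeg", "gif", "svg", "mp3", "mp4", "woff", "woff2",
}

# Segments that may reach a server-side handler or change server behaviour.
# Checked against every dotted segment after the basename, not only the last
# one, because AddHandler-style Apache configuration can still run "x.php.html".
DENIED_SEGMENTS = {
    "php", "php3", "php4", "php5", "php7", "phps", "phtml", "phar",
    "htaccess", "htpasswd",
}


def check_entry(name):
    """Return None if the entry name is acceptable, otherwise a rejection reason."""
    if name.endswith("/"):
        return None  # directory entry, carries no content
    if name.startswith("/") or ".." in name.split("/"):
        return "path traversal outside the extraction directory"
    base = posixpath.basename(name)
    if base.startswith("."):
        return "dotfile (e.g. .htaccess can change the handler for the directory)"
    segments = base.lower().split(".")
    if len(segments) < 2 or not segments[-1]:
        return "no file extension"
    if any(seg in DENIED_SEGMENTS for seg in segments[1:]):
        return "server-side executable or configuration extension"
    if segments[-1] not in ALLOWED_EXTENSIONS:
        return "extension not in allowlist"
    return None


def validate_archive(data):
    """Map every entry name in the zip to None (ok) or a rejection reason."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {info.filename: check_entry(info.filename) for info in zf.infolist()}


def is_safe(data):
    """True only if every entry passes; the archive should not be extracted otherwise."""
    return all(reason is None for reason in validate_archive(data).values())


def build_sample_zip():
    """Constructed archive mirroring the report: a blank main.html, a cmd.phar
    (payload omitted, placeholder only), a .htaccess, a double-extension file
    and a traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("story/main.html", "")
        zf.writestr("story/cmd.phar", "<placeholder, real payload omitted>")
        zf.writestr("story/.htaccess", "# constructed placeholder")
        zf.writestr("story/shell.php.html", "")
        zf.writestr("../evil.html", "")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in validate_archive(build_sample_zip()).items():
        print(f"{entry}: {'ok' if reason is None else 'REJECTED: ' + reason}")
    print("archive safe to extract:", is_safe(build_sample_zip()))
```

Note that the check runs on the archive's entry names, before anything is written to disk, and that a single rejected entry rejects the whole upload; filtering only the zip's own extension, or only the last extension of each entry, is what leaves the plugin exposed.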