WordPress Drag And Drop Multi File Uploader Remote Code Execution
Posted by deepcore on June 5, 2020 – 5:23 pm
This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload – Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.
Post a reply
You must be logged in to post a comment.