WordPress Simple File List Unauthenticated Remote Code Execution
Posted by deepcore on November 26, 2020 – 10:25 pm
This Metasploit module exploits the WordPress Simple File List plugin in versions prior to 4.2.3. The plugin allows remote unauthenticated attackers to upload files, restricted to a controlled list of extensions. However, the rename function does not enforce those file extension restrictions, so arbitrary PHP code can be uploaded first as a png, then renamed to php and executed.
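The mitigation for this class of flaw is to apply the upload allowlist to the rename path as well. The sketch below is an added example, not the plugin's code or its 4.2.3 fix; the function names, the allowlist contents and the demo files are assumptions made for illustration.

```php
<?php
// Added illustration with hypothetical names; not the plugin's own code.
const ALLOWED_EXTENSIONS = ['png', 'jpg', 'jpeg', 'gif', 'pdf', 'txt']; // constructed allowlist

function extension_allowed(string $name): bool
{
    // Every dot-separated segment after the base name must be allowlisted,
    // so "a.php", "a.PHP", "a.php.png" and "a.php." are all rejected.
    // This is deliberately strict: "my.notes.txt" is rejected too.
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2 || $parts[0] === '') {
        return false;
    }
    array_shift($parts); // drop the base name
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

function safe_rename(string $dir, string $old, string $new): bool
{
    // basename() strips directory components so neither name can leave $dir.
    $old = basename($old);
    $new = basename($new);
    // The flaw described above is a rename path without this check:
    // the upload enforces the extension list, the rename does not.
    if (!extension_allowed($old) || !extension_allowed($new)) {
        return false;
    }
    $src = $dir . DIRECTORY_SEPARATOR . $old;
    $dst = $dir . DIRECTORY_SEPARATOR . $new;
    // Refuse a missing source and never overwrite an existing file.
    if (!is_file($src) || file_exists($dst)) {
        return false;
    }
    return rename($src, $dst);
}

// Constructed demo in a throwaway temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sfl_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'image.png', 'constructed sample');
var_dump(safe_rename($dir, 'image.png', 'image.php'));   // png -> php, the rename described above
var_dump(safe_rename($dir, 'image.png', 'renamed.png')); // rename that stays inside the allowlist
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*'));
rmdir($dir);
```

An extension check alone does not address the unauthenticated access; the rename handler also needs an authentication and capability check.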