WordPress AIT CSV Import/Export 3.0.3 Shell Upload

Posted by deepcore on January 13, 2021 – 6:15 am

WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however the uploaded shell is left. The shell is uploaded to wp-content/uploads/. The plugin is not required to be activated to be exploitable.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Cloud Filter Arbitrary File Creation / Privilege Escalation Cemetery Mapping And Information System 1.0 SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

WordPress AIT CSV Import/Export 3.0.3 Shell Upload

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL