
Transposh WordPress Translation 1.0.8.1 Remote Code Execution

Posted by deepcore on July 29, 2022 – 9:40 pm

Transposh WordPress Translation versions 1.0.8.1 and below expose a “save_transposh” action at “/wp-admin/admin.php?page=tp_advanced” that does not properly validate the “Log file name” value, allowing an attacker with the “Administrator” role to specify a .php file as the log destination. Because the log file is stored directly within the “/wp-admin” directory, arbitrary PHP code can be executed by simply sending a crafted request that gets logged.
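
A defender-side sketch of the missing check, as an added example that is not Transposh's own code: the function name `tp_example_safe_log_path` and the log directory are assumptions. It accepts only a bare `*.log` name and resolves it inside a directory the site owner chooses, which should sit outside the web root.

```php
<?php
// Added example: hypothetical validator, not taken from the Transposh plugin.
// Returns a safe absolute log path, or null when the requested name is rejected.
function tp_example_safe_log_path(string $requested, string $logDir): ?string
{
    // One bare file name only: no slashes, no backslashes, no dots except the
    // single ".log" suffix. This rejects "shell.php", "x.php.log" (double
    // extension) and any traversal such as "../wp-admin/a.log".
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.log\z/', $requested)) {
        return null;
    }

    // The target directory is fixed by configuration, never by the request.
    // It must already exist; realpath() also collapses symlinks and "..".
    $dir = realpath($logDir);
    if ($dir === false || !is_dir($dir)) {
        return null;
    }

    return $dir . DIRECTORY_SEPARATOR . $requested;
}

// Constructed sample inputs for illustration.
$logDir = sys_get_temp_dir(); // assumption: stands in for a directory outside the web root
$candidates = [
    'transposh.log',      // accepted
    'shell.php',          // rejected: executable extension
    'x.php.log',          // rejected: double extension
    '../wp-admin/a.log',  // rejected: path traversal
    'debug.phtml',        // rejected: not ".log"
];

foreach ($candidates as $candidate) {
    $path = tp_example_safe_log_path($candidate, $logDir);
    printf("%-20s => %s\n", $candidate, $path ?? 'REJECTED');
}
```

The allowlist is deliberately narrow: a denylist of `.php` alone would miss other extensions a server may be configured to execute.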

