{"id":24864801,"url":"https://github.com/hunthubspace/cve-2024-0757-exploit","last_synced_at":"2025-04-13T00:53:13.613Z","repository":{"id":244758479,"uuid":"816179994","full_name":"hunThubSpace/CVE-2024-0757-Exploit","owner":"hunThubSpace","description":"A PoC Exploit for CVE-2024-0757 - Insert or Embed Articulate Content into WordPress Remote Code Execution (RCE)","archived":false,"fork":false,"pushed_at":"2024-06-18T14:12:08.000Z","size":11,"stargazers_count":8,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-13T00:53:10.414Z","etag":null,"topics":["bugbounty","cve","ethical-hacking","exploit","penetration-testing","web"],"latest_commit_sha":null,"homepage":"https://www.hunthub.space","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hunThubSpace.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-17T07:46:21.000Z","updated_at":"2025-03-18T17:59:21.000Z","dependencies_parsed_at":"2024-06-18T17:26:03.644Z","dependency_job_id":"967d4709-e7a6-4926-bc49-1d9109c0beb4","html_url":"https://github.com/hunThubSpace/CVE-2024-0757-Exploit","commit_stats":null,"previous_names":["hunthubspace/cve-2024-0757-exploit"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hunThubSpace%2FCVE-2024-0757-Exploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hunThubSpace%2FCVE-2024-0757-Exploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposit
ories/hunThubSpace%2FCVE-2024-0757-Exploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hunThubSpace%2FCVE-2024-0757-Exploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hunThubSpace","download_url":"https://codeload.github.com/hunThubSpace/CVE-2024-0757-Exploit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248650439,"owners_count":21139672,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","cve","ethical-hacking","exploit","penetration-testing","web"],"created_at":"2025-01-31T23:55:56.630Z","updated_at":"2025-04-13T00:53:13.593Z","avatar_url":"https://github.com/hunThubSpace.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2024-0757 (Exploit)\n## Description\nThe Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to arbitrary file uploads through insecure file uploads in a zip archive in all versions up to, and including, 4.3000000023. This makes it possible for unauthenticated attackers to upload zip files containing phar files on the affected site's server which may make remote code execution possible.\n\n\u003e [!IMPORTANT]\n\u003e CVSS:\t**8.8 (High)** [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]  \n\u003e Software Type:\t**Plugin**  \n\u003e Software Slug:\t**insert-or-embed-articulate-content-into-wordpress**  \n\u003e Affected Version:\t**\u003c= 4.3000000023**  \n\n## Exploit\n1. 
Clone the exploit\n```bash\ngit clone https://github.com/hunThubSpace/CVE-2024-0757-Exploit.git \u0026\u0026 cd CVE-2024-0757-Exploit\n```\n2. Install the requirements\n```bash\npip install -r requirements.txt\n```\n3. Run the exploit\n```bash\npython3 exploit.py\n```\n4. Browse to the given URL and click on **Go to shell page**\n5. You have a shell :)\n\n## PoC video\nhttps://github.com/hunThubSpace/CVE-2024-0757-Exploit/assets/49031710/6855e8c4-a00b-469d-bcec-7b2252352ee4\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhunthubspace%2Fcve-2024-0757-exploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhunthubspace%2Fcve-2024-0757-exploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhunthubspace%2Fcve-2024-0757-exploit/lists"}