Advertisement






Event Locations 1.0.1 - unrestricted files upload Vulnerability

CVE Category Price Severity
CVE-2021-12345 CWE-434 Not specified High
Author Risk Exploitation Type Date
Unknown Critical Remote 2019-02-01
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 0.3456 0.85087

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019020009

Below is a copy:

Event Locations 1.0.1 - unrestricted files upload Vulnerability
====================================================================================================================================
| # Title     : Event Locations 1.0.1 - unrestricted files upload Vulnerability                                                    |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Franais V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | 
| # Vendor    : https://codecanyon.net/item/event-locations-phpmysql-plugin/22100679                                               |  
| # Dork      : "/events_edit.php?id="                                                                                             |
====================================================================================================================================


poc :

[+] Dorking n Google Or Other Search Enggine.

[+] click 2 creat a Nouveau RDV & in Upload Image box upload your Ev!l 

[+] go to http://cut.gg/assets/uploads/ 

[+] http://cut.gg/assets/uploads/13fae906ea9b6cfbaa6b5ab478c435dc.jpg

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh   |        
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.