exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Mateus Machado Tesser

WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution

Posted Jul 25, 2023

Authored by h00die-gr3y, Mateus Machado Tesser | Site metasploit.com

WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an authenticated configuration. Versions 2.3.2 and below are affected. To install the Shortcode plugin File Manager Advanced version 5.0.5 or lower is required to keep the configuration vulnerable. Any user privileges can exploit this vulnerability which results in access to the underlying operating system with the same privileges under which the Wordpress web services run.

tags | exploit, remote, web, php, code execution

advisories | CVE-2023-2068

SHA-256 | 70276f13c7da05f57a272fbb51cb03ce6c129189c7bb524b4612cc20be063403

Download | Favorite | View

File Manager Advanced Shortcode 2.3.2 Remote Code Execution

Posted Jun 5, 2023

Authored by Mateus Machado Tesser

File Manager Advanced Shortcode version 2.3.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution

advisories | CVE-2023-2068

SHA-256 | 123fe999b3768d81b415d9afb97d193fbe64d07848b6123122bd60e3c119ac03

Download | Favorite | View