This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.1.1 to 0.4.2.1 are vulnerable.
3a487527cd2c26d67722a8add1279d90
WordPress Xerte Online plugin version 0.32 suffers from a remote shell upload vulnerability.
fd101c534c46cd870f749ee96683105c
WordPress Uploader plugin version 1.0.4 suffers from a remote shell upload vulnerability.
65ba2386879719112c7ebb164ef919bd
WordPress ReFlex Gallery plugin version 1.3 suffers from a remote shell upload vulnerability.
454b36474bb5640208c29ba15e38cdf9
WordPress Shopping Cart version 8.1.14 from Level Four Store Front suffers from remote SQL injection and shell upload vulnerabilities.
6a7331517f75d9ddda3261b9e513ef83
This Metasploit module exploits a vulnerability found in WordPress plugin Asset-Manager versions 2.0 and below. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
c748e130ebc6a192d7a66d7a977f9243
This Metasploit module exploits a vulnerability found in WP-Property <= 1.35.0 WordPress plugin. By abusing the uploadify.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
6ecacadf5f4f0c4ec0b51d8a7024ea00
This Metasploit module exploits a vulnerability found in EGallery 1.2 By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.
95885aafd89fb4191f4ba1c513063adf
Advanced MP3 Player Infusion version 2.01 suffers from a remote shell upload vulnerability.
0c3acb88bd9551d03ba8fd4d82c8f5a6
JAKCMS version 2.2.6 suffers from a remote shell upload vulnerability.
537ddf2f2d9b6fbbd7da2d4839e2ac41
Drupal Drag and Drop third party module version 6.x-1.5 suffers from a remote shell upload vulnerability.
d231d5209233b10f581920ad6e54c2cc
Autopagina CMS version 2.8 suffers from a remote SQL injection vulnerability.
a8b341071924160ea47bd8aa7ed81d2d
Umapresence version 2.6.0 suffers from remote shell upload and file deletion vulnerabilities.
938b6ee03d3db9422bacc1892c2b964c
Uploadify-amazon-s3 version 1.01 suffers from an unauthenticated remote shell upload vulnerability.
b3c8ab14d86b03e5f146ec8a6c8984e8
WordPress Fancy Gallery third party module version 1.2.4 suffers from an unauthenticated remote shell upload vulnerability.
66f8b65377d7fd4874b2c38cb1f5f5c1
Silverstripe Pixlr Image Editor third party module version 1.0.4 suffers from an unauthenticated remote shell upload vulnerability.
183cdba6a88f1378f62e4596f2c29f3c
WordPress Flip Book third party module version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
aff354633467c33276bfc37585c009c3
Wolf CMS / Frog CMS BD uploadR third party module suffers from an unauthenticated remote shell upload vulnerability.
d968ee9ee08fed9f682fc57d590c00a6
e107 Articulate third party module version 1.1.1 suffers from an unauthenticated remote shell upload vulnerability.
e5a90b7d2c959d4fbc8f8a610a5334b8
WordPress Ajax Multi Upload third party module version 1.1 suffers from an unauthenticated remote shell upload vulnerability.
f4020a27ac86f8171a4293a6fa7dbb4c
e107 Tap plugin version 2.0 suffers from a remote shell upload vulnerability.
4e4a8208bdf07659d5896ab5cb16c596
e107 Radio Plan plugin version 2.06 suffers from a remote shell upload vulnerability.
0cc346fc2ea847c99274a9964816e24a
e107 Hupsi Share plugin version 1.00 suffers from a remote shell upload vulnerability.
46b2038c0c82d9d78b413553f6cc4595
e107 Image Gallery plugin version 0.9.7.1 suffers from a remote file disclosure vulnerability.
572c7e3364cccdfaaa1d05481b919f5b
e107 Hupsi Media Gallery plugin version 1.0 suffers from a remote shell upload vulnerability.
15d6dfb88d5ee410b46450015582782c