Showing 1 - 1 of 1

CVE-2020-24948

Status Candidate

Overview

The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.

Related Files

WordPress Autoptimize Shell Upload: Posted Jan 8, 2021; Authored by Hoa Nguyen, Thien Ngo, Khanh Nguyen | Site metasploit.com; WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.; tags | exploit, remote, arbitrary, shell, php, code execution; advisories | CVE-2020-24948; MD5 | b411262c32d42ec1cbf7382e1a8f4a37; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 52 files
Ubuntu 29 files
Gentoo 26 files
malvuln 26 files
Jeremy Brown 7 files
Mesut Cetin 6 files
SunCSR 5 files
Arnav Tripathy 5 files
1F98D 5 files
Kshitiz Raj 5 files

File Archives

Systems

AIX (421)
Apple (1,760)
BSD (368)
Cisco (1,901)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (4,010)
HPUX (873)
iOS (280)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (39,200)
Mac OS X (672)
Mandriva (3,105)
NetBSD (255)
OpenBSD (472)
RedHat (9,543)
Slackware (941)
Solaris (1,597)
SUSE (1,444)
Ubuntu (7,062)
UNIX (8,822)
UnixWare (180)
Windows (5,721)
Other

CVE-2020-24948

Overview

Related Files

File Archive:

January 2021

Top Authors In Last 30 Days

File Tags

File Archives

Systems