mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 01:31:01 +00:00
29 lines
1.2 KiB
Markdown
29 lines
1.2 KiB
Markdown
|
### [CVE-2020-12800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12800)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/0xT11/CVE-POC
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/ARPSyndicate/kenzer-templates
|
||
|
|
- https://github.com/Retr0-ll/2023-littleTerm
|
||
|
|
- https://github.com/Retr0-ll/littleterm
|
||
|
|
- https://github.com/Shamsuzzaman321/Wordpress-Exploit-AiO-Package
|
||
|
|
- https://github.com/amartinsec/CVE-2020-12800
|
||
|
|
- https://github.com/developer3000S/PoC-in-GitHub
|
||
|
|
- https://github.com/hectorgie/PoC-in-GitHub
|
||
|
|
- https://github.com/nomi-sec/PoC-in-GitHub
|
||
|
|
- https://github.com/soosmile/POC
|
||
|
|
- https://github.com/zero-script1/LoL-Binary
|
||
|
|
|