cve/CVE-2023-0924.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 10:17:57 +00:00

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

843 B

Raw Permalink Blame History

CVE-2023-0924

Description

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.

POC

Reference

https://wpscan.com/vulnerability/0fd0d7a5-9263-43b6-9244-7880c3d3e6f4

Github

No PoCs found on GitHub currently.

843 B Raw Permalink Blame History

CVE-2023-0924

Description

POC

Reference

Github

843 B

Raw Permalink Blame History