mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
1.3 KiB
1.3 KiB
CVE-2018-7422
Description
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.
POC
Reference
- http://seclists.org/fulldisclosure/2018/Mar/40
- https://wpvulndb.com/vulnerabilities/9044
- https://www.exploit-db.com/exploits/44340/
Github
- https://github.com/0x00-0x00/CVE-2018-7422
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/El-Palomo/SYMFONOS
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/HeiTang/ZYXEl-CTF-WriteUp
- https://github.com/JacobEbben/CVE-2018-7422
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/jessisec/CVE-2018-7422
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/vshaliii/Symfonos1-Vulnhub-walkthrough