cve/CVE-2024-5084.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

Description

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

POC

Reference

No PoCs from references.

Github

https://github.com/Chocapikk/CVE-2024-5084
https://github.com/Chocapikk/Chocapikk
https://github.com/KTN1990/CVE-2024-5084
https://github.com/k3lpi3b4nsh33/CVE-2024-5084
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

1.2 KiB Raw Blame History Unescape Escape

CVE-2024-5084

Description

POC

Reference

Github

1.2 KiB

Raw Blame History