exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
WordPress Modern Events Calendar Remote Code Execution https://packetstormsecurity.com/files/163672/wp_plugin_modern_events_calendar_rce.rb.txt https://packetstormsecurity.com/files/163672/wp_plugin_modern_events_calendar_rce.rb.txt https://packetstormsecurity.com/files/163672/WordPress-Modern-Events-Calendar-Remote-Code-Execution.html Mon, 26 Jul 2021 16:16:20 GMT This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.

Related Files

No related files
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close