WordPress Ninja Forms Unauthenticated File Upload

Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.

Module Name

exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload

Authors

  • James Golovich
  • Rob Carr <rob [at] rastating.com>

References

Targets

  • ninja-forms

Platforms

  • php

Architectures

  • php

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
msf exploit(wp_ninja_forms_unauthenticated_file_upload) > show targets
    ...targets...
msf exploit(wp_ninja_forms_unauthenticated_file_upload) > set TARGET <target-id>
msf exploit(wp_ninja_forms_unauthenticated_file_upload) > show options
    ...show and set options...
msf exploit(wp_ninja_forms_unauthenticated_file_upload) > exploit