module
WordPress Simple File List Unauthenticated Remote Code Execution
| Disclosed |
|---|
| Apr 27, 2020 |
Description
The Simple File List (simple-file-list) plugin for WordPress before 4.2.3 lets remote unauthenticated attackers
upload files whose extensions are on a controlled list. The rename function, however, does not enforce
those extension restrictions, so arbitrary PHP code can be uploaded as a png file, renamed
to php, and executed.
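
The flaw class described above, shown next to a hardened form, as an added example that is not the plugin's code or its actual fix. The function names, the allow-list contents and the demo file names are assumptions made for illustration, and the sketch covers only the extension check on rename.

```php
<?php
// Added example with hypothetical names; not the Simple File List plugin's code.

// Constructed allow-list. The same list must gate upload AND rename.
const ALLOWED_EXTENSIONS = ['png', 'jpg', 'jpeg', 'gif', 'pdf'];

// True only if every dot-separated suffix of the file name is allowed.
// Strict on purpose: "a.php.png" is refused as well as "a.php".
function extension_allowed(string $name): bool
{
    $parts = explode('.', strtolower(basename(str_replace('\\', '/', $name))));
    if (count($parts) < 2 || $parts[0] === '') {
        return false; // no extension at all, or a dotfile such as ".htaccess"
    }
    foreach (array_slice($parts, 1) as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Flawed pattern described above: the new name is trusted because the
// original upload already passed the extension check.
function rename_unchecked(string $dir, string $old, string $new): bool
{
    return rename($dir . '/' . basename($old), $dir . '/' . basename($new));
}

// Hardened: the target name goes through the same allow-list as an upload.
function rename_checked(string $dir, string $old, string $new): bool
{
    if (!extension_allowed($new)) {
        return false;
    }
    $src = $dir . '/' . basename($old);
    $dst = $dir . '/' . basename($new);
    if (!is_file($src) || file_exists($dst)) {
        return false; // nothing to rename, or it would overwrite a file
    }
    return rename($src, $dst);
}

// Constructed demo in a throwaway temp directory.
$dir = sys_get_temp_dir() . '/rename_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/picture.png', 'constructed sample content');
var_dump(rename_checked($dir, 'picture.png', 'picture.php'));
var_dump(rename_checked($dir, 'picture.png', 'holiday.png'));
```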