0day.today - Dunyanin En Buyuk Exploit Veritabani

Dilinizi secin:

Bu konuda bilmeniz gerekenler:

Biz sadece bir adet ana domain kullaniyoruz DOMAIN_LINK

Eger exploit satin alacaksaniz ve ya hizmet icin odeme yapacaksaniz, altin almaniz gerekmekte.

We accept currencies: [contact admin to find more]

Biz sitemizi hack amacli kullanmak istemiyoruz, yani her turlu dogru olmayan, kanunsuz ve illegal yapilan eylemler diger hesaplari olumsuz yonde etkileyebilir ve sonrasinda buna yol acan/lar, web sitelerimize ve verilere erisimi tamamen kesilir, banlanir ve hesabini tarafimizca yok edilir.

Sadece bu sitenin yonetimine itibar edin. Sahtelere Dikkat!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

Zaten 0day.today'a kayitli bir kullaniciyim. Bu ekrani bir daha gormek istemiyorum.

Ilk ne yapmali?

Oku [ anlasma ]
Oku [ Gonder ] kurallar
Ziyaret et [ SSS ] page
[ Uye Ol ] profil
[ FIYAT ]
Eger istiyorsaniz [ satmak ]
Eger istiyorsaniz [ almak ]
Eger kaybederseniz [ Hesap ]
Herhangi bir sorunuz [ [email protected] ]

Ana linkler

Bize ulasabilirsiniz

Mail:

[email protected]

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ Yenileme ]

Bize ulasabilirsiniz:

Mail:

[email protected]

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

WordPress Modern Events Calendar Remote Code Execution Exploit

[ 0Day-ID-36594 ]

Full Baslik

WordPress Modern Events Calendar Remote Code Execution Exploit [ Highlight ]

Highlight - is paid service, that can help to get more visitors to your material.

Price:

Eklenme Tarihi

26-07-2021

Kategori

web applications

Platform

php

Dogrulanma

Fiyat

Ucretsiz

Risk

[

Security Risk Critical

]

Rel. releases

Tanim

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.

CVE

CVE-2021-24145

Other Information

Abuses

Yorumlar

Goruntulemeler

2 407

We DO NOT use Telegram or any messengers / social networks! Please, beware of scammers!

Ucretsiz

Open Exploit
You can open this source code for free

Open Exploit

Open Exploit
You can open this source code for free

Verified by

Verified by
This material is checked by Administration and absolutely workable.

Yazar

metasploit

Exploit

1633

Okuyucular

[ Yorumlar: 0 ]

Users are forbidden to exchange personal contact details
Haggle on other sites\projects is forbidden
Reselling is forbidden

Punishment: permanent block of user account with all Gold.

Yorum yazabilmek icin giris yapin ve ya uye olun

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

WordPress Modern Events Calendar Remote Code Execution Exploit

Report Error

Report Error