Saturday, January 9, 2021

WordPress Autoptimize Shell Upload

arbitrary code execution exploit php remote shell In: , , , , ,
WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.
WordPress Autoptimize Shell Upload
 

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore