A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/163012/WordPress-wpDiscuz-7.0.4-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/163302/WordPress-wpDiscuz-7.0.4-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-24T13:02:04
Updated: 2021-06-28T18:06:13
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-24186
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-24T14:15:12.143
Modified: 2022-01-01T18:46:47.427
Link: CVE-2020-24186
JSON object: View
Redhat Information
No data.
CWE