# N/A
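## Overview
The Forminator plugin has an arbitrary file upload vulnerability. Because file type validation takes place after the file has been uploaded, an unauthenticated attacker can upload arbitrary files, which may lead to remote code execution.
## Affected versions
- Affected versions: 1.24.6 and earlier
## Details
In the `upload_post_image()` function, file type validation is performed after the file has been uploaded to the server. This means an attacker can exploit the vulnerability to upload arbitrary files and may go on to execute code remotely.
## Impact
An unauthenticated attacker can upload arbitrary files to the server of an affected site, which may lead to remote code execution.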
# | PoC description | Source link | Shenlong link |
---|---|---|---|
1 | PoC Script for CVE-2023-4596, unauthenticated Remote Command Execution through arbitrary file uploads. | https://github.com/E1A/CVE-2023-4596 | PoC details |
2 | special thanks to E1A for the POC of the CVE Exploit found here: https://github.com/E1A/CVE-2023-4596 | https://github.com/AlabamicHero/caldera_sandcat-usecase | PoC details |
3 | CVE-2023-4596 Vulnerable Exploit and Checker Version | https://github.com/X-Projetion/CVE-2023-4596-Vulnerable-Exploit-and-Checker-Version | PoC details |
4 | None | https://github.com/RHYru9/CVE-2023-4596-checker | PoC details |
5 | CVE-2024-6387-checker is a tool or script designed to detect the security vulnerability known as CVE-2024-6387 OpenSSH. CVE-2024-6387 OpenSSH is an entry in the Common Vulnerabilities and Exposures (CVE) that documents security weaknesses discovered in certain software or systems. | https://github.com/X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker | PoC details |
6 | The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-4596.yaml | PoC details |