
Exploit for WordPress Site Editor <=1.1.1 - Local File Inclusion (CVE-2018-7422)

Description:

WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.
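
To check whether the endpoint has already been probed, the web server access log can be searched for requests that set ajax_path on this script. The following is an added example, not part of the original page or the plugin's code; the combined log format, the /PLUGIN_DIR/ placeholder and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint suffix and parameter name exactly as given in the description above.
ENDPOINT = "editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"
PARAM = "ajax_path"

# Combined log format: client IP, request line and status code are enough.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines; /PLUGIN_DIR/ is a placeholder for the install path.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2018:10:01:02 +0000] "GET /PLUGIN_DIR/' + ENDPOINT
    + '?ajax_path=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 5120',
    '198.51.100.4 - - [12/Mar/2018:10:01:05 +0000] "GET /index.php?ajax_path=x HTTP/1.1" 200 812',
    '203.0.113.9 - - [12/Mar/2018:10:02:11 +0000] "GET /PLUGIN_DIR/' + ENDPOINT
    + '?ajax_path=/etc/passwd HTTP/1.1" 404 196',
    '198.51.100.4 - - [12/Mar/2018:10:03:00 +0000] "GET /PLUGIN_DIR/' + ENDPOINT
    + ' HTTP/1.1" 200 0',
]

def inspect(line):
    """Return a finding for a request that sets ajax_path on the endpoint, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    url = urlsplit(target)
    # Decode the path so a percent-encoded file name does not slip past the match.
    if not unquote(url.path).lower().endswith(ENDPOINT):
        return None
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if not values:
        return None  # endpoint hit without the parameter; POST bodies are not logged
    return {
        "ip": ip,
        "method": method,
        "value": values[0],  # parse_qs has already percent-decoded it
        # A 200 means the script ran; treat it as possible file disclosure.
        "served": status == "200",
    }

def scan(lines):
    """Collect findings from an iterable of access-log lines."""
    return [f for f in map(inspect, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with "served" set to True are the ones to triage first: rotate any secrets held in the requested file and update or remove the plugin.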

Nuclei Template

View the template here: CVE-2018-7422.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-7422.yaml

References:

https://github.com/El-Palomo/SYMFONOS
https://wpvulndb.com/vulnerabilities/9044
https://nvd.nist.gov/vuln/detail/CVE-2018-7422
https://www.exploit-db.com/exploits/44340
http://seclists.org/fulldisclosure/2018/Mar/40