.. / CVE-2019-14205

Exploit for WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion (CVE-2019-14205)

Description:

WordPress Nevma Adaptive Images plugin before 0.6.67 allows remote attackers to retrieve arbitrary files via the $REQUEST[‘adaptive-images-settings’][‘source_file’] parameter in adaptive-images-script.php.

Nuclei Template

View the template here CVE-2019-14205.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-14205.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-14205
https://wordpress.org/plugins/adaptive-images/#developers
https://github.com/security-kma/EXPLOITING-CVE-2019-14205
https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html
https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown

.. / CVE-2019-14205 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion (CVE-2019-14205)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-14205