.. / CVE-2020-24186

Exploit for WordPress wpDiscuz <=7.0.4 - Remote Code Execution (CVE-2020-24186)

Description:

WordPress wpDiscuz plugin versions version 7.0 through 7.0.4 are susceptible to remote code execution. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.

Nuclei Template

View the template here CVE-2020-24186.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-24186.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2020-24186
https://github.com/suncsr/wpDiscuz_unauthenticated_arbitrary_file_upload/blob/main/README.md
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/
http://packetstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.html

.. / CVE-2020-24186 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress wpDiscuz <=7.0.4 - Remote Code Execution (CVE-2020-24186)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-24186