Check-WP-CVE-2020-35489

CVE-2020-35489

The CVE-2020-35489 is discovered in the WordPress plugin Contact Form 7 5.3.1 and older versions. By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed upload-able file types on a website.

An estimated 5 million websites were affected.

The PoC will be displayed on December 31, 2020, to give users the time to update.

Reference

https://wpscan.com/vulnerability/10508

https://contactform7.com/2020/12/17/contact-form-7-532/#more-38314

https://cwe.mitre.org/data/definitions/434.html

Run script

$ python3 check_CVE-2020-35489.py -d domaintest.com

Contact Form 7 version: 5.1.3
domaintest.com is vulnerable!

$ python3 check_CVE-2020-35489.py -i in.txt -o out.txt

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
README.md		README.md
check_CVE-2020-35489.py		check_CVE-2020-35489.py
factory.py		factory.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

check_CVE-2020-35489.py

check_CVE-2020-35489.py

factory.py

factory.py

requirements.txt

requirements.txt

Repository files navigation

Check-WP-CVE-2020-35489

CVE-2020-35489

Reference

Run script

About

Releases

Packages

Languages

X0UCYB3R/Check-WP-CVE-2020-35489

Folders and files

Latest commit

History

Repository files navigation

Check-WP-CVE-2020-35489

CVE-2020-35489

Reference

Run script

About

Resources

Stars

Watchers

Forks

Languages