A PoC Exploit for CVE-2024-0757 - Insert or Embed Articulate Content into WordPress Remote Code Execution (RCE)

hunThubSpace/CVE-2024-0757-Exploit

CVE-2024-0757 (Exploit)

Description

The Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to arbitrary file uploads through insecure file uploads in a zip archive in all versions up to, and including, 4.3000000023. This makes it possible for unauthenticated attackers to upload zip files containing phar files on the affected site's server which may make remote code execution possible.
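The flaw described above comes down to a missing check on what a zip archive contains before it is unpacked into a web-served directory. The following pre-extraction check is an added example, not code from this repository or from the plugin; the allowlist, the set of PHP-handled extensions and the function names are assumptions made for illustration.

```python
import io
import zipfile

# Constructed for this example: extensions a content package legitimately needs.
ALLOWED = {"html", "htm", "css", "js", "json", "xml", "txt",
           "png", "jpg", "jpeg", "gif", "mp3", "mp4", "woff", "woff2"}
# Extensions commonly mapped to the PHP handler; refused in any position so
# that "x.phar.png" is also caught on servers with multi-extension handlers.
SERVER_EXECUTABLE = {"php", "php3", "php4", "php5", "php7",
                     "pht", "phtml", "phar", "phps"}


def rejected_entries(zip_bytes):
    """Return {entry name: reason} for entries that must block extraction."""
    rejected = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            parts = name.split("/")
            if name.startswith("/") or ".." in parts:
                rejected[info.filename] = "path leaves extraction directory"
                continue
            # Every dot-separated suffix of the file name, lower-cased.
            suffixes = [s.lower() for s in parts[-1].split(".")[1:]]
            if any(s in SERVER_EXECUTABLE for s in suffixes):
                rejected[info.filename] = "server-executable extension"
            elif not suffixes or suffixes[-1] not in ALLOWED:
                rejected[info.filename] = "extension not on allowlist"
    return rejected


def build_sample_zip(names):
    """Build an in-memory archive with placeholder contents (constructed input)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["story.html", "lib/jquery.min.js", "data/info.phar",
                               "img/logo.PHP.png", "../escape.txt", ".htaccess"])
    for entry, reason in rejected_entries(sample).items():
        print(f"REJECT {entry}: {reason}")
```

An upload handler would refuse the whole archive when `rejected_entries` returns anything, rather than extracting first and deleting afterwards.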

Important

CVSS: 8.8 (High) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]
Software Type: Plugin
Software Slug: insert-or-embed-articulate-content-into-wordpress
Affected Version: <= 4.3000000023

Exploit

  1. Clone the exploit
     git clone https://github.com/hunThubSpace/CVE-2024-0757-Exploit.git && cd CVE-2024-0757-Exploit
  2. Install requirements
     pip install -r requirements.txt
  3. Run exploit
     python3 exploit.py
  4. Browse to given url and click on Go to shell page
  5. You have a shell :)

PoC video

POC.mp4
