WP-Curriculo Vitae Free <= 6.3 - Arbitrary File Upload

The plugin WP-Curriculo Vitae Free is vulnerable to arbitrary file upload by a remote attacker. It provides a registration form that lets remote visitors submit their personal information on a site running the plugin. A user with admin privileges places the shortcode [formCadastro] on a page; the submitted registration data, including the profile picture and resume, is then stored in a local directory without any restriction on the file extension.
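The root cause described above is that the upload handler stores whatever the visitor sends under the visitor's own file name. The following is an added example of how a WordPress plugin should validate uploads from a public form; it is not the plugin's own code, and the field names ('profile_picture', 'resume'), the size cap and the function name `cv_store_upload` are assumptions. It relies on the real WordPress helpers `wp_check_filetype_and_ext()` and `wp_handle_upload()`, which inspect the file's bytes rather than trusting the extension.

```php
<?php
// Added example (not the plugin's code): storing a file submitted through a
// public registration form only after verifying its type against an
// allowlist and discarding the client-supplied file name.

// Allowlists per form field, in WordPress's "ext|ext => mime" format.
const CV_ALLOWED_PICTURE = array(
    'jpg|jpeg' => 'image/jpeg',
    'png'      => 'image/png',
);
const CV_ALLOWED_RESUME = array(
    'pdf' => 'application/pdf',
);

// Hypothetical size cap for a public form (2 MB).
const CV_MAX_UPLOAD_BYTES = 2 * 1024 * 1024;

/**
 * Validate and store $_FILES[$field].
 * Returns the absolute path of the stored file, or a WP_Error on rejection.
 */
function cv_store_upload( $field, array $allowed_mimes ) {
    if ( empty( $_FILES[ $field ] ) || ! is_array( $_FILES[ $field ] ) ) {
        return new WP_Error( 'cv_missing', 'No file submitted.' );
    }
    $file = $_FILES[ $field ];

    if ( UPLOAD_ERR_OK !== $file['error'] ) {
        return new WP_Error( 'cv_upload_error', 'Upload failed.' );
    }
    if ( $file['size'] > CV_MAX_UPLOAD_BYTES ) {
        return new WP_Error( 'cv_too_large', 'File exceeds the size limit.' );
    }

    // Check extension AND content. wp_check_filetype_and_ext() inspects the
    // bytes (finfo / getimagesize) and returns an empty ext/type unless the
    // detected type is in $allowed_mimes, so a script renamed to .jpg fails.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed_mimes );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'cv_bad_type', 'File type not permitted.' );
    }

    // Never reuse the visitor's name: random alphanumeric base plus the
    // verified extension only.
    $safe_name = wp_generate_password( 20, false ) . '.' . $check['ext'];

    $overrides = array(
        'test_form'                => false,          // not a wp-admin form
        'mimes'                    => $allowed_mimes, // re-checked by core
        'unique_filename_callback' => function ( $dir, $name, $ext ) use ( $safe_name ) {
            return $safe_name;
        },
    );

    $result = wp_handle_upload( $file, $overrides );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'cv_store_failed', $result['error'] );
    }
    return $result['file'];
}

// Usage inside a hypothetical form handler, after the nonce check:
//   $picture = cv_store_upload( 'profile_picture', CV_ALLOWED_PICTURE );
//   $resume  = cv_store_upload( 'resume', CV_ALLOWED_RESUME );
//   if ( is_wp_error( $picture ) || is_wp_error( $resume ) ) { /* reject */ }
```

Two design points matter here. The allowlist is passed both to `wp_check_filetype_and_ext()` and to `wp_handle_upload()`, so the site-wide `upload_mimes` filter (which may include types an admin enabled for trusted users) does not widen what an anonymous visitor may submit. Generating the stored name server-side removes the visitor's control over the extension and path entirely, which is the condition the advisory above describes.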

Here is a video that proves the vulnerability and demonstrates the exploit process.