Open
Description
A Remote Code Execution (RCE) vulnerability exists in pixelimity via admin/admin-ajax.php?action=install_theme.
Step to exploit:
- Login as admin.
- Navigate to http://127.0.0.1/pixelimity/admin/themes.php.
- Compress "shell.php" to "shell.zip" file and then upload via Install New Theme.
- Visit http://127.0.0.1/pixelimity/themes/shell.php.
Metadata
Assignees
Labels
No labels


