mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 18:42:46 +00:00
2.0 KiB
2.0 KiB
CVE-2021-25094
Description
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
POC
Reference
- http://packetstormsecurity.com/files/167190/WordPress-Tatsu-Builder-Remote-Code-Execution.html
- https://wpscan.com/vulnerability/fb0097a0-5d7b-4e5b-97de-aacafa8fffcd
- https://www.exploit-db.com/exploits/52260
Github
- https://github.com/0xZEros66/Wordpress-Exploit-AiO-Package
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/InMyMine7/SharkXploit
- https://github.com/MadExploits/TYPEHUB
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/Shamsuzzaman321/Wordpress-Exploit-AiO-Package
- https://github.com/TUANB4DUT/typehub-exploiter
- https://github.com/WhooAmii/POC_to_review
- https://github.com/darkpills/CVE-2021-25094-tatsu-preauth-rce
- https://github.com/experimentalcrow1/TypeHub-Exploiter
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/trhacknon/Pocingit
- https://github.com/whoforget/CVE-POC
- https://github.com/xdx57/CVE-2021-25094
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve