WordPress Plugin Vulnerabilities
e-signature < 1.5.6.8 - Unauthenticated Arbitrary File Upload leading to RCE
Description
The AJAX sif_upload_file allowed the authorised extensions to be provided in the request, which result in unauthenticated arbitrary file upload and lead to RCE
Proof of Concept
/wp-admin/admin-ajax.php?action=sif_upload_file
Affects Plugins
References
Miscellaneous
Original Researcher
John Castro
Submitter
Pagely
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-01-19 (about 3 years ago)
Added
2021-01-19 (about 3 years ago)
Last Updated
2021-01-20 (about 3 years ago)