Contact Form 7 < 5.3.2 - Unrestricted File Upload
Description
The popular WordPress plugin, Contact Form 7 was found to be vulnerable to Unrestricted File Upload.
Proof of Concept
Append a unicode special character (from U+0000 [null] to U+001F [us]) to a filename and upload it via the ContactForm7 upload feature
Affects Plugins
Fixed in version 5.3.2✓
Classification
Type
UPLOAD
CWE
Miscellaneous
Original Researcher
Jinson Varghese Behanan
Submitter
Jinson Varghese Behanan
Submitter website
Submitter twitter
Verified
No
Timeline
Publicly Published
2020-12-17 (about 10 months ago)
Added
2020-12-17 (about 10 months ago)
Last Updated
2020-12-21 (about 10 months ago)