cve/CVE-2012-10026.md at master

0xMarcio/cve

Fork 0

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.1 KiB

Raw Permalink Blame History

CVE-2012-10026

Description

The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.

POC

Reference

https://www.exploit-db.com/exploits/18993
https://www.exploit-db.com/exploits/23652
https://www.vulncheck.com/advisories/wordpress-plugin-asset-manager-php-file-upload

Github

No PoCs found on GitHub currently.

1.1 KiB Raw Permalink Blame History Unescape Escape

CVE-2012-10026

Description

POC

Reference

Github

1.1 KiB

Raw Permalink Blame History