NOMISEC-RandomRobbieBF/CVE-2024-50427

NOMISEC WORKING POC
Exploit for CVE-2024-50427 - SurveyJS: Drag & Drop WordPress Form Builder <1.9.136 - Unrestricte...
AI Analysis

This PoC exploits an arbitrary file upload vulnerability in the SurveyJS WordPress plugin (CVE-2024-50427) by uploading a malicious PHP file through the admin-ajax.php endpoint. It requires authenticated access (Subscriber+ role) and demonstrates remote code execution by embedding arbitrary PHP code in the uploaded file.

Attack Type: RCE
Complexity: trivial
Reliability: reliable
MITRE ATT&CK: T1105 - Ingress Tool Transfer; T1505.003 - Web Shell
Source
Platform: Nomisec
Type: poc
Files: 2
Stars: 0
Forks: 0
Last Push: Nov 08, 2024
Authors: RandomRobbieBF
Vulnerability
CVE-2024-50427
SurveyJS: Drag & Drop WordPress Form Builder <1.9.136 - Unrestricte...
Severity: CRITICAL (CVSS 9.9)