CVE-2012-3574

MM Forms Community 2.2.5-2.2.6 - Unauthenticated Arbitrary File Upload via doajaxfileupload.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3574. PoCs published by Sammy FORGIT.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in WordPress MM Forms Community plugin versions 2.2.5-2.2.6. It uses cURL to upload a PHP file (lo.php) to the vulnerable endpoint, allowing remote code execution.

Description

Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sammy FORGIT · phpwebappsphp

https://www.exploit-db.com/exploits/18997

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in WordPress MM Forms Community plugin versions 2.2.5-2.2.6. It uses cURL to upload a PHP file (lo.php) to the vulnerable endpoint, allowing remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress MM Forms Community Plugin 2.2.5-2.2.6

No auth needed

Prerequisites: Target running vulnerable WordPress plugin · Network access to the target

MITRE ATT&CK