CVE-2015-10087

MEDIUM

UpThemes Theme DesignFolio Plus 1.2 - Unrestricted Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-10087. PoCs published by CrashBandicot.

AI-analyzed exploit summary This exploit targets an arbitrary file upload vulnerability in the WordPress DesignFolio-Plus theme. It bypasses security checks by leveraging a predictable MD5-based upload key and directory traversal via base64-encoded paths to upload a malicious file.

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CrashBandicot · textwebappsphp

https://www.exploit-db.com/exploits/36372

View Code ZIP pw:eip

This exploit targets an arbitrary file upload vulnerability in the WordPress DesignFolio-Plus theme. It bypasses security checks by leveraging a predictable MD5-based upload key and directory traversal via base64-encoded paths to upload a malicious file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress DesignFolio-Plus theme (version unspecified)

No auth needed

Prerequisites: Target must have the vulnerable DesignFolio-Plus theme installed · Upload directory must be writable

MITRE ATT&CK