CVE-2019-14206

HIGH EXPLOITED NUCLEI LAB

Nevma Adaptive Images <0.6.67 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2019-14206 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including developerfred. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2019-14206, demonstrating arbitrary file deletion in the Adaptive Images for WordPress plugin. It includes a Docker-based test environment, Nuclei template, and detailed documentation for testing and validation.

Description

An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php.

Exploits (1)

nomisec WORKING POC

by developerfred · remote

https://github.com/developerfred/cve-2019-14206-poc

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2019-14206, demonstrating arbitrary file deletion in the Adaptive Images for WordPress plugin. It includes a Docker-based test environment, Nuclei template, and detailed documentation for testing and validation.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Adaptive Images for WordPress < 0.6.67

No auth needed

Prerequisites: WordPress with vulnerable Adaptive Images plugin installed · Network access to the target WordPress site

MITRE ATT&CK