CVE-2019-8942

This PoC demonstrates a remote code execution (RCE) vulnerability in WordPress by exploiting a path traversal flaw in image metadata handling, allowing an author-level user to write malicious PHP code to a theme file.

This repository contains two Python scripts demonstrating CVE-2019-8942, a path traversal vulnerability in WordPress leading to arbitrary file write and remote code execution (RCE). The exploits abuse image metadata manipulation and the image cropping functionality to write a malicious file into the theme directory.

This repository provides a detailed writeup on CVE-2019-8942 and CVE-2019-8943, which involve a combination of LFI and file upload vulnerabilities in WordPress, leading to RCE for users with author privileges. The writeup includes technical analysis, exploitation steps, and a demo PoC.

This PoC exploits CVE-2019-8942 and CVE-2019-8943 in WordPress by uploading a malicious image with embedded PHP code, manipulating metadata to change the file path, and triggering remote code execution via image cropping functionality.

This exploit targets a path traversal vulnerability in WordPress (CVE-2019-8943) to achieve remote code execution by manipulating image metadata and leveraging the image cropping functionality to write a malicious PHP file.

This Metasploit module exploits a path traversal and local file inclusion vulnerability in WordPress (CVE-2019-8943) to achieve remote code execution by uploading a malicious image file and including it in the theme.

This repository contains a functional Python exploit for CVE-2019-8942 and CVE-2019-8943, targeting WordPress versions 5.0.0 and below. The exploit chains authentication bypass and image upload vulnerabilities to achieve remote code execution (RCE) by manipulating image metadata and file paths.

This Metasploit module exploits a path traversal and local file inclusion vulnerability in WordPress (CVE-2019-8942 and CVE-2019-8943) to achieve remote code execution by uploading a malicious image file and including it in a theme.