Exploit Title: PDW File Browser 1.3 - Remote Code Execution
Date: 2020-10-24
Author: David Bimmel
Researchers: David Bimmel, Joost Vondeling, Ramon Janssen
Vendor Homepage: N/A
Software Link: https://github.com/GuidoNeele/PDW-File-Browser
Version: <=1.3
Attack Type: Remote
Impact: Remote Code Execution

Description:
Vulnerable Component: PDW File Browser, a plugin for the TinyMCE and CKEditor WYSIWYG editors.
Vulnerability: The plugin contains a critical flaw that allows remote code execution.

Exploit Process:
1. Upload a webshell with a .txt extension (WEBSHELL.txt) via the file upload functionality.
2. Use the rename functionality to change the webshell's file extension and move it to an arbitrary location on the web server.
3. The target path for the file should contain double-encoded characters.

Example Request:
Upload Webshell:
Rename and Move Webshell:

Result: The webshell should be located at the target path.
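The flaw chain above combines two missing server-side checks on the rename/move target: the path is decoded more than once (so double-encoded traversal sequences survive a single decode), and the new extension is not restricted. The following validation routine, an added example and not code from PDW File Browser, shows the checks a file manager's rename handler needs; the base directory, the allowlist and the function names are assumptions.

```python
import posixpath
from urllib.parse import unquote

# Assumed allowlist of extensions a rename may produce (constructed for this example).
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt"}
MAX_DECODE_ROUNDS = 3


def fully_decode(value: str) -> tuple[str, int]:
    """Percent-decode until the string stops changing.

    Returns the decoded string and the number of rounds that changed it;
    more than one round means the client sent double-encoded input.
    """
    rounds = 0
    current = value
    while rounds < MAX_DECODE_ROUNDS:
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
        rounds += 1
    return current, rounds


def validate_rename(base_dir: str, target: str) -> tuple[bool, str]:
    """Return (ok, detail) for a requested rename/move target path.

    Rejects double-encoded input, traversal out of base_dir and extensions
    outside the allowlist, so a renamed upload can neither leave the upload
    root nor gain an extension the web server would execute.
    """
    decoded, rounds = fully_decode(target)
    if rounds > 1:
        return False, "double-encoded path"
    if "\x00" in decoded:
        return False, "null byte in path"
    # Normalise with POSIX semantics and anchor the result under base_dir,
    # so "../" segments are resolved before the containment check.
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded.lstrip("/")))
    if candidate != base and not candidate.startswith(base + "/"):
        return False, "path escapes upload directory"
    ext = posixpath.splitext(candidate)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not allowed"
    return True, candidate
```

Logging the rejection reason alongside the raw (undecoded) target gives a detection signal for `%25`-prefixed sequences arriving at the rename endpoint.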