Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-8942 PoC — WordPress 代码注入漏洞

Source
https://github.com/synod2/WP_CROP_RCE
Associated Vulnerability
Title:WordPress 代码注入漏洞 (CVE-2019-8942)
Description:WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
Description
cve-2019-8942, cve-2019-8943
File Snapshot

 [4.0K]  /data/pocs/77c65bd51ce5e3582caa3bb2be05182e2670174c
├── [ 657]  docker-compose.yml
├── [ 321]  Dockerfile
├── [4.8K]  ex.py
├── [4.0K]  img
│   ├── [244K]  Untitled 1.png
│   ├── [ 95K]  Untitled 2.png
│   ├── [ 22K]  Untitled 3.png
│   ├── [ 19K]  Untitled 4.png
│   ├── [ 57K]  Untitled 5.png
│   ├── [119K]  Untitled 6.png
│   ├── [ 94K]  Untitled 7.png
│   └── [245K]  Untitled.png
├── [9.4K]  readme.md
└── [ 25K]  test.jpg

1 directory, 13 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →