CVE-2024-7985 PoC — FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload

Source

https://github.com/Nxploited/CVE-2024-7985-PoC

Associated Vulnerability

Title:FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload (CVE-2024-7985)
Description:The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: The FileOrganizer Pro plugin must be installed and active to allow Subscriber+ users to upload files.

Description

FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload

Readme

# CVE-2024-7985-PoC
FileOrganizer &lt;= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload

# FileOrganizer Exploit - CVE-2024-7985

## 📌 Overview
**CVE-2024-7985** - WordPress Plugin **FileOrganizer <= 1.0.9** is vulnerable to **authenticated arbitrary file uploads**, allowing attackers with **Subscriber+** privileges to upload and execute malicious files remotely. This vulnerability arises from **missing file type validation** in the `fileorganizer_ajax_handler` function, making **Remote Code Execution (RCE) possible**.

🚨 **This exploit allows attackers to execute arbitrary commands on the server!** 🚨

## ⚡ Features
- ✅ **Automates the attack** - Login, retrieve nonce, exploit.
- ✅ **Bypasses security checks** by utilizing authenticated user privileges.
- ✅ **Automatic version detection** - Ensures the target is vulnerable.
- ✅ **Custom command execution** - User can specify any command.
- ✅ **Handles SSL verification issues** seamlessly.

## 🛠️ Requirements
- **Python 3**
- `requests`
- `beautifulsoup4`

Install dependencies:
```bash
pip install requests beautifulsoup4
```

## 🚀 Usage
```bash
python CVE-2024-7985.py --url "http://target-site.com/wordpress" --username "admin" --password "admin" --cmd "whoami"
```

## 📖 Usage -Help
```
usage: CVE-2024-7985.py [-h] --url URL --username USERNAME --password PASSWORD [--cmd CMD]

FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload by | Nxploit Khaled_alenazi

options:
  -h, --help           show this help message and exit
  --url URL            Target WordPress site URL
  --username USERNAME  WordPress Username
  --password PASSWORD  WordPress Password
  --cmd CMD            Command to execute in uploaded file
```



### Example Output:
```
[+] Vulnerable version detected: 1.0.9
[+] Logged in successfully!
[+] Extracted nonce: 7b4a95872b
[+] File uploaded successfully!
[+] Access file at: http://target-site.com/wordpress/wp-content/uploads/fileorganizer/cmd.php?cmd=whoami
```

## 🔍 Exploit Workflow
1️⃣ **Version Check** - Determines if the site is vulnerable.  
2️⃣ **Authentication** - Logs into WordPress.  
3️⃣ **Nonce Extraction** - Retrieves security token.  
4️⃣ **File Upload** - Uploads a malicious PHP script.  
5️⃣ **Command Execution** - Executes user-specified commands.  

---

### 📌 Disclaimer 
This script is for educational purposes only; the author holds no responsibility for any misuse or consequences. 🚨

File Snapshot


 [4.0K]  /data/pocs/838a097d0748625274086ff0bd7c860891514696
├── [4.3K]  CVE-2024-7985.py
└── [2.4K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!