Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload# CVE-2025-10041
Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload
# 🚨 Flex QR Code Generator ≤ 1.2.5 - Unauthenticated Arbitrary File Upload
---
## 📝 Description
The **Flex QR Code Generator** plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `save_qr_code_to_db()` function in all versions up to, and including, `1.2.5`.
This allows **unauthenticated attackers** to upload malicious files to the affected site's server, potentially leading to remote code execution.
- **CVE:** `CVE-2025-10041`
- **CVSS:** `9.8 (Critical)`
---
## 💡 About This Script
`CVE-2025-10041.py` is a professional exploit tool designed to automate the attack by leveraging this vulnerability.
It provides advanced features for bypassing common protections and encoding techniques.
---
## ⚙️ Features
- **Automatic vulnerability detection** (version check)
- **Arbitrary file upload** (including PHP webshells)
- **Filename encoding bypass**: Base64 or URL encoding
- **Content encoding bypass**: PHP base64 wrapper for shell code
- **Randomized HTTP headers** to evade basic WAFs
- **Custom header support**
- **Full command-line interface** with argument parsing and help message
---
## 🖥️ Usage
### 1. **Basic Exploit**
```bash
python3 CVE-2025-10041.py -u http://target.com
```
### 2. **Shell Filename Encoding**
```bash
python3 CVE-2025-10041.py -u http://target.com --encode_filename base64
python3 CVE-2025-10041.py -u http://target.com --encode_filename url
```
### 3. **Shell Content Encoding**
```bash
python3 CVE-2025-10041.py -u http://target.com --encode_content base64
```
### 4. **Custom Shell Filename**
```bash
python3 CVE-2025-10041.py -u http://target.com --shellname myevil.php
```
### 5. **Advanced (Combine Options)**
```bash
python3 CVE-2025-10041.py -u http://target.com --encode_content base64 --encode_filename base64 --shellname myevil.php
```
### 6. **Custom Headers**
```bash
python3 CVE-2025-10041.py -u http://target.com --headers "X-Forwarded-For: 127.0.0.1" "Cookie: PHPSESSID=1337"
```
---
## 🆘 Help
To see all available options and usage instructions:
```bash
python3 CVE-2025-10041.py --help
```
---
## 🔓 Bypass Techniques
- **Filename encoding**: Some servers block `.php` or suspicious names; encoding may evade filters.
- **Content encoding**: Wrapping shell code in `eval(base64_decode(...))` may bypass content filters.
- **Random headers**: Rotating user-agent, referer, and cookies to avoid detection.
- **Custom headers**: Add your own headers for advanced evasion.
---
## 📋 Example Output
```
Checking vulnerability version...
Target is vulnerable ...
Exploiting ...
Uploading shell 'shell.php' ...
Shell uploaded successfully.
Shell path (guess): /wp-content/uploads/shell_3.php
Response: {...}
```
---
## ⚠️ Disclaimer
This script is provided **for educational, research, and authorized penetration testing purposes only**.
**Unauthorized use** against systems you do not own or have explicit permission to test is strictly prohibited and illegal.
The author is **not responsible** for any misuse or damage caused by this tool.
---
## ✍️ By:
*Nxploited (Khaled Alenazi)*
---
[4.0K] /data/pocs/c9fb5487c26b60f466a60d2cb4d9fe682675fd50
├── [6.5K] CVE-2025-10041.py
├── [1.5K] LICENSE
├── [3.2K] README.md
└── [ 17] requirements.txt
1 directory, 4 files