Titre complet: WordPress Simple File List Unauthenticated Remote Code Execution Exploit 
Catégorie: remote exploits
Plateforme: php
This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.

# 0day.today @ http://0day.today/