CVE-2020-35489

Published: 17/12/2020 Updated: 22/12/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The contact-form-7 (aka Contact Form 7) plugin prior to 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.

Vulnerable Product

rocklobster contact form 7

GitHub Repositories

WordPress Sites Vulnerability Checker for CVE-2020-35489 - "Educational Use Only"

wp_CVE-2020-35489_checker CVE-2020-35489 - Introduction: The wp_CVE-2020-35489_checker is a Python command-line tool designed to check if a WordPress website is vulnerable to CVE-2020-35489. This particular vulnerability stems from a security flaw in the WordPress Contact Form 7 plugin versions before 5.3.2. It enables unauthenticated attackers to upload malicious scripts via fo

The (WordPress) website test script can be exploited for Unlimited File Upload via CVE-2020-35489

Check-WP-CVE-2020-35489 CVE-2020-35489: The CVE-2020-35489 is discovered in the WordPress plugin Contact Form 7 5.3.1 and older versions. By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed upload-able file types on a website. An estimated 5 million websites were affected. The PoC will be disp

MR-ROBOT:1 CTF Walkthrough

MR-ROBOT-1 MR-ROBOT:1 CTF Walkthrough. Download VM: www.vulnhub.com/entry/mr-robot-1,151/ 1. Setup: The goal of the VM is not to obtain ROOT. The goal is to obtain 03 keys. 2. Port Scan: nmap -n -P0 -p- -sC -sV -O -T5 -oA full 101010137 Nmap scan report for 101010137 Host is up (000064s latency) Not shown: 65532 filtered ports PORT S