CVE-2025-34085

Sažetak

An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but lacks proper validation after file renaming. An attacker can first upload a PHP payload disguised as a .png file, then use the plugin’s ee-file-engine.php rename functionality to change the extension to .php. This bypasses upload restrictions and results in the uploaded payload being executable on the server.

Reference

https://packetstorm.news/files/id/160221
https://plugins.trac.wordpress.org/changeset/2286920/simple-file-list
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_simple_file_list_rce.rb
https://simplefilelist.com/
https://vulncheck.com/advisories/wordpress-simple-file-list-plugin-rce
https://web.archive.org/web/20220426044003/https://wpscan.com/vulnerability/10192/
https://wordpress.org/plugins/simple-file-list/
https://www.cybersecurity-help.cz/vdb/SB2020042711
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-file-list/simple-file-list-423-remote-code-execution

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

09-07-2025 - 01:15

Objavljeno

09-07-2025 - 01:15