CVE-2020-24186

Description

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files, via the wmuUploadFiles AJAX action.

MITRE
Severity: CRITICAL
CVE ID: CVE-2020-24186
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-24186
hev0x

wpDiscuz 7.0.4 Remote Code Execution

Reference: GitHub

meicookies

WpDiscuz 7.0.4 Arbitrary File Upload Exploit

Reference: GitHub

Sakura-501

Attack script for CVE-2020-24186

Reference: GitHub

substing

Reference: GitHub