CVE-2020-24186
Description
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
MITRE
Severity: CRITICAL
CVE ID: CVE-2020-24186
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2020-24186
Refrence: Project Discovery GitHub
hev0x
wpDiscuz 7.0.4 Remote Code Execution
Refrence: GitHub
meicookies
WpDiscuz 7.0.4 Arbitrary File Upload Exploit
Refrence: GitHub
Sakura-501
CVE-2020-24186的攻击脚本
Refrence: GitHub
substing
Refrence: GitHub