Skip to content
/ Check-WP-CVE-2020-35489 Public

The (WordPress) website test script can be exploited for Unlimited File Upload via CVE-2020-35489

31 stars 14 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dn9uy3n/Check-WP-CVE-2020-35489

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
check_CVE-2020-35489.py
check_CVE-2020-35489.py
 
 
factory.py
factory.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Check-WP-CVE-2020-35489

CVE-2020-35489

The CVE-2020-35489 is discovered in the WordPress plugin Contact Form 7 5.3.1 and older versions. By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed upload-able file types on a website.

An estimated 5 million websites were affected.

The PoC will be displayed on December 31, 2020, to give users the time to update.

Reference

https://wpscan.com/vulnerability/10508

https://contactform7.com/2020/12/17/contact-form-7-532/#more-38314

https://cwe.mitre.org/data/definitions/434.html

Run script

$ python3 check_CVE-2020-35489.py -d domaintest.com

Contact Form 7 version: 5.1.3
domaintest.com is vulnerable!

$ python3 check_CVE-2020-35489.py -i in.txt -o out.txt

About

The (WordPress) website test script can be exploited for Unlimited File Upload via CVE-2020-35489

Topics

wordpress-plugin contact-form-7 vulnerability-detection cve-2020-35489 unrestricted-file-upload

Resources

Readme
Activity

Stars

31 stars

Watchers

1 watching

Forks

14 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages