← back
CVE-2020-24186

CVE-2020-24186

CVSS 10 CRITICALEPSS 94.6%
Vexday Risk Score
85Fix now
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 10EPSS 94.6%KEV nãoPoC públicaNuclei simMetasploit simPatch
Lifecycle
21 Feb 2020Metasploit module available
24 Aug 2020Published on NVD
07 Jun 2021Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N
Affected products
n/a · n/a
public PoCs found11
githubgithub.com/hev0x/CVE-2020-24186-wpDiscuz-7.0.4-RCE19githubgithub.com/substing/CVE-2020-24186_reverse_shell_upload13githubgithub.com/Sakura-501/CVE-2020-24186-exploit3githubgithub.com/GazettEl/CVE-2020-241860githubgithub.com/sec-dojo-com/CVE-2020-241860githubgithub.com/meicookies/CVE-2020-241860exploitdbwww.exploit-db.com/exploits/49967unverifiedcve_referencepacketstormsecurity.com/files/163012/WordPress-wpDiscuz-7.0.4-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/163302/WordPress-wpDiscuz-7.0.4-Shell-Upload.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49962unverifiedcve_referencepacketstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.htmlhttp://packetstormsecurity.com/files/163012/WordPress-wpDiscuz-7.0.4-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/163302/WordPress-wpDiscuz-7.0.4-Shell-Upload.htmlhttps://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/