Filter by tag: remote code execution

WordPress 5.0.0 Remote Code Execution

14 min read 19 Feb 2019 by Simon Scannell
This blog post details how a combination of a Path Traversal and a Local File Inclusion vulnerability leads to Remote Code Execution in the WordPress core (CVE-2019-8943). The vulnerability remained undiscovered in the WordPress core for over 6 years.

osClass 3.6.1: Remote Code Execution via Image File

10 min read 19 Dec 2016 by Robin Peraglie
In today's calendar gift, we present another beautiful chain of vulnerabilities which, in the end, allows an attacker to remotely execute arbitrary PHP code. This time, an attacker can smuggle his PHP payload through a valid image file. The issues were detected by RIPS in the open source marketplace software osClass 3.6.1, which is used for creating classifieds sites.