CVE-2023–4666 || Form Maker by 10Web — Unauthenticated Arbitrary File Upload

Let’s see how to utilize Python to detect whether website that is utilizing “Form Maker by 10Web” plugin which is vulnerable to CVE-2023–4666

Background :

The Form Maker by 10Web plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘type_signature’ case of the save_db() function in versions up to, and including, 1.5.19. This makes it possible for unauthenticated attackers to upload arbitrary files, via the signature field, on the affected site’s server which may make remote code execution possible.

Affected versions:

Form Maker by 10Web <= 1.15.19

Installation:

1. Clone the repo

git clone https://github.com/IRB0T/CVE-Scan.git

2. Navigate to the “CVE-2023–4666” directory

cd CVE-2023–4666-Scan

3. Install the dependencies with pip. Depending on your local python3 setup, the required commands will be either:

pip install -r requirements.txt

ORpip3 install -r requirements.txt

4. Open CMD and type below command, Where you need to replace your target by providing appropriate URL. (E.g. Python CVE-2023–5360-Scan.py YOUR_URL)

Pyhton CVE-2023–4666-Scan.py http://192.168.0.2

Reference:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/form-maker/form-maker-by-10web-11519-unauthenticated-arbitrary-file-upload