CVE-2023–5360 || “Royal Elementor Addons”
Let’s see how to utilize Python to detect whether website that is utilizing “Royal Elementor Addons” plugin which is vulnerable to CVE-2023–5360
Background :
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.3.78. This is due to insufficient file type validation in the handle_file_upload() function called via AJAX which allows attackers to supply a preferred filetype extension to the ‘allowed_file_types‘ parameter, with a special character, which makes it possible for the uploaded file to bypass their filter list.
“Royal Elementor Addons and Templates (WordPress plugin) installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files to vulnerable sites.”
Affected versions:
Royal Elementor Addons and Templates Versions: < 1.3.79
Let’s see how to utilize script to check:
Installation:
- Clone the repo
git clone https://github.com/IRB0T/CVE-Scan.git2. Navigate to the “CVE-2023–5360” directory
cd CVE-2023–5360-Scan3. Install the dependencies with pip. Depending on your local python3 setup, the required commands will be either:
pip install -r requirements.txtORpip3 install -r requirements.txt
4. Open CMD and type below command, Where you need to replace your target by providing appropriate url. (E.g. Python CVE-2023–5360-Scan.py YOUR_URL)
Pyhton CVE-2023-5360-Scan.py http://192.168.0.2
Reference:
