Exploit for Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload CVE-2023-5604

Name: Exploit for Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload CVE-2023-5604
Rating: 5 (185 reviews)

2023-11-06 | CVSS 7.5

## https://sploitus.com/exploit?id=WPEX-ID:4CE69D71-87BF-4D95-90F2-63D558C78B69
Any user who has the rights to modify the settings area of the Asgaros plugin (/wp-admin/admin.php?page=asgarosforum-options), like forum administrators, can authorize users to upload malicious files (e.g. .php, .phtml files) on the site.