Exploits / Vulnerability Discovered : 2018-11-21 |
Type : webapps |
Platform : php
This exploit / vulnerability Wordpress theme cherryframework 3.1.4 backup file download is for educational purposes only and if it is used you will do on your own risk!
# The CherryFramework Cherry theme 3.1.4 for WordPress allow
# remote attackers to
# obtain potentially sensitive information via
# wp-content/themes/CherryFramework/admin/data_management/ download_backup.php
# because it
# offers the option of a ZIP archive containing the entire content of the wp-content/themes directory.
# [PoC]
# just open that files/link and then showing the popup for saving a .ZIP file
# EXAMPLE LINK =