CVE-2014-6446
Published: 2014-09-26
Priority: P2 (73)
Severity: high, 7.5 (CVSS 2.0, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit available
EPSS: 46.17% (98.7th percentile)
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | — | — |
Detection & IOCs
Command: POST /wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php [fileNamePattern=<random>.php&fileTemplate=<payload>]
- Detect unauthenticated POST requests to the vulnerable code_generator.php endpoint with multipart or form-encoded body containing 'fileNamePattern' and 'fileTemplate' parameters — this is the upload trigger.
- Alert on HTTP 200 responses from code_generator.php whose body contains the string 'Creating File', which confirms successful payload deployment.
- Monitor for new .php files appearing under the plugin's utilities/ directory (wp-content/plugins/infusionsoft/Infusionsoft/utilities/), as the exploit drops a randomly named PHP webshell there.
- A subsequent GET request to the newly created .php file in the utilities/ path immediately after the POST is the webshell execution step — correlate the two requests to confirm exploitation.
- Probe/check requests can be identified by a GET to code_generator.php that returns HTTP 200 with both 'Code Generator' and 'Infusionsoft' in the response body — indicates active reconnaissance for this CVE.
- Affected version range is strictly 1.5.3 through 1.5.10 of the Infusionsoft Gravity Forms WordPress plugin; versions outside this range are not vulnerable.
- The vulnerability requires no authentication — the code_generator.php script does not restrict access, making it exploitable by any remote attacker without credentials.
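The request correlation described in the list above can be run over ordinary web server access logs. The following is an added example, not code from this page or from any of the referenced projects. It assumes Combined Log Format and a five-minute correlation window, and it sees only method, path and status, so the body checks ('fileNamePattern', 'Creating File') still need a WAF or proxy that records bodies. The log lines, IP addresses and dropped file name are constructed.

```python
import re
from datetime import datetime, timedelta

# Paths taken from the advisory text above.
UTIL_DIR = "/wp-content/plugins/infusionsoft/Infusionsoft/utilities/"
GENERATOR = UTIL_DIR + "code_generator.php"

# Assumption: Apache/nginx Combined Log Format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore any query string
    return rec

def detect(lines, window=timedelta(minutes=5)):
    """Return (finding, client_ip, path) tuples in log order."""
    findings, posts = [], {}  # posts: client IP -> time of last POST to the generator
    for rec in filter(None, map(parse, lines)):
        ip, method, path, ts = rec["ip"], rec["method"], rec["path"], rec["ts"]
        if path == GENERATOR:
            if method == "POST":
                posts[ip] = ts
                findings.append(("post_to_generator", ip, path))
            elif method == "GET" and rec["status"] == "200":
                findings.append(("probe", ip, path))
        elif (method == "GET" and path.startswith(UTIL_DIR) and path.endswith(".php")
              and ip in posts and timedelta(0) <= ts - posts[ip] <= window):
            findings.append(("post_then_php_fetch", ip, path))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up file name).
def _line(ip, hhmmss, method, path, status):
    return f'{ip} - - [10/Oct/2014:{hhmmss} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

SAMPLE_LOG = [
    _line("198.51.100.4", "13:54:50", "GET", "/index.php", 200),
    _line("203.0.113.7", "13:55:01", "GET", GENERATOR, 200),
    _line("203.0.113.7", "13:55:09", "POST", GENERATOR, 200),
    _line("203.0.113.7", "13:55:11", "GET", UTIL_DIR + "example1.php", 200),
    _line("198.51.100.4", "13:55:30", "GET", UTIL_DIR + "example1.php", 404),
]
```

Correlation here is keyed on client IP, so a follow-up request from a different address (the last sample line) is not linked to the POST; file-integrity monitoring of the utilities/ directory covers that gap.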
No detection rules found.
Exploit-DB
WordPress Plugin InfusionSoft - Arbitrary File Upload (Metasploit)
exploitdb·2014-10-09
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability',
'Description' => %q{
This module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity
Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file
upload and remote code execution.
},
'Author' =>
[
'g0blin', # Vulnerability Discovery
'us3r777 ' # Metasploit module
],
'License' => MSF_LICENSE,
'References' =>
[
['CVE', '2014-6446'],
['URL', 'http://research.g0blin.co.uk/cve-2014-6446/'],
['WPVDB', '7634']
],
'Privileged' => false,
'Platform' => 'php',
Metasploit
Wordpress InfusionSoft Upload Vulnerability
metasploit
This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution.
No writeups or analysis indexed.
- http://osvdb.org/show/osvdb/112171
- http://packetstormsecurity.com/files/131002/Wordpress-InfusionSoft-Shell-Upload.html
- http://research.g0blin.co.uk/cve-2014-6446/
- http://www.exploit-db.com/exploits/34925
- https://wordpress.org/plugins/infusionsoft/changelog/
Published: 2014-09-26