From 0c7e589db8f645c7daeb9c29f01118b9f1786570 Mon Sep 17 00:00:00 2001
From: Metasploit <metasploit@rapid7.com>
Date: Thu, 4 Apr 2019 13:32:00 -0700
Subject: [PATCH] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 47 +++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 9203dbcb82..0ab3466a0b 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -66645,6 +66645,53 @@
     "notes": {
     }
   },
+  "exploit_multi/http/wp_crop_rce": {
+    "name": "WordPress Crop-image Shell Upload",
+    "full_name": "exploit/multi/http/wp_crop_rce",
+    "rank": 600,
+    "disclosure_date": "2019-02-19",
+    "type": "exploit",
+    "author": [
+      "RIPSTECH Technology",
+      "Wilfried Becard <wilfried.becard@synacktiv.com>"
+    ],
+    "description": "This module exploits a path traversal and a local file inclusion\n          vulnerability on WordPress versions 5.0.0 and <= 4.9.8.\n          The crop-image function allows a user, with at least author privileges,\n          to resize an image and perform a path traversal by changing the _wp_attached_file\n          reference during the upload. The second part of the exploit will include\n          this image in the current theme by changing the _wp_page_template attribute\n          when creating a post.\n\n          This exploit module only works for Unix-based systems currently.",
+    "references": [
+      "CVE-2019-8942",
+      "CVE-2019-8943",
+      "URL-https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"
+    ],
+    "platform": "PHP",
+    "arch": "php",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "WordPress"
+    ],
+    "mod_time": "2019-04-04 15:19:58 +0000",
+    "path": "/modules/exploits/multi/http/wp_crop_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/wp_crop_rce",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+    }
+  },
   "exploit_multi/http/wp_ninja_forms_unauthenticated_file_upload": {
     "name": "WordPress Ninja Forms Unauthenticated File Upload",
     "full_name": "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload",