🔥 3-day streak
CompTIA PenTest+ (PT0-003)168 / 175
Question 168 of 175

During a web application assessment, you discover a WordPress site running a 'Media Manager Pro' plugin that allows authenticated contributors to upload files. The upload validation only checks the Content-Type header sent by the browser and the file extension against a blocklist that includes .php and .phtml. You have valid contributor credentials. Which technique is MOST likely to result in remote code execution?

Reviewed for accuracy · Report an issueNext question