I. Basic Information for CVE-2021-29447
Vulnerability Information


Vulnerability Title
WordPress Authenticated XXE attack when installation is running PHP 8
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
WordPress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
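Improper Restriction of XML External Entity Reference (XXE)
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
WordPress Code Issue Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress contains a code issue vulnerability; an attacker can exploit it to access internal files in a successful XXE attack.
Source: China National Vulnerability Database of Information Security (CNNVD)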
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| WordPress | wordpress-develop | >= 5.6.0, < 5.7.1 | - |
II. Public PoCs for CVE-2021-29447

| # | PoC Description | Source Link |
|---|---|---|
| 1 | WordPress - Authenticated XXE (CVE-2021-29447) | https://github.com/motikan2010/CVE-2021-29447 |
| 2 | WordPress XXE vulnerability | https://github.com/Vulnmachines/wordpress_cve-2021-29447 |
| 3 | Wordpress XXE injection setup automation and PoC | https://github.com/dnr6419/CVE-2021-29447 |
| 4 | None | https://github.com/AssassinUKG/CVE-2021-29447 |
| 5 | None | https://github.com/b-abderrahmane/CVE-2021-29447-POC |
| 6 | Arbitrary file read controller based on CVE-2021-29447 | https://github.com/elf1337/blind-xxe-controller-CVE-2021-29447 |
| 7 | Proof of Concept for CVE-2021-29447 written in Python | https://github.com/Val-Resh/CVE-2021-29447-POC |
| 8 | Exploit WordPress Media Library XML External Entity Injection (XXE) to exfiltrate files. | https://github.com/M3l0nPan/wordpress-cve-2021-29447 |
| 9 | None | https://github.com/mega8bit/exploit_cve-2021-29447 |
| 10 | A Golang program to automate the execution of CVE-2021-29447 | https://github.com/thomas-osgood/CVE-2021-29447 |
| 11 | None | https://github.com/Abdulazizalsewedy/CVE-2021-29447 |
| 12 | None | https://github.com/G01d3nW01f/CVE-2021-29447 |
| 13 | CVE-2021-29447 - Authenticated XXE Injection - WordPress < 5.7.1 & PHP > 8 | https://github.com/viardant/CVE-2021-29447 |
| 14 | A proof of concept exploit for a wordpress 5.6 media library vulnerability | https://github.com/0xRar/CVE-2021-29447-PoC |
| 15 | None | https://github.com/andyhsu024/CVE-2021-29447 |
| 16 | None | https://github.com/specializzazione-cyber-security/demo-CVE-2021-29447-lezione |
| 17 | PoC for CVE-2021-29447 | https://github.com/magicrc/CVE-2021-29447 |
| 18 | POC to exploit WordPress 5.6-5.7 (PHP 8+) Authenticated XXE Injection. | https://github.com/Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7 |
| 19 | The objective is to conduct a full-scale security assessment of a WordPress-based web application, culminating in a complete server compromise. The assessment will focus on exploiting a specific, real-world vulnerability (CVE-2021-29447) to achieve initial access. | https://github.com/ArtemCyberLab/Project-Project-Chimera-Exploiting-a-Modern-WordPress-XXE-to-Pillage-Secrets- |
| 20 | A XXE payload generator | https://github.com/0xricksanchez/CVE-2021-29447 |
| 21 | This repo describes about cve-2021-29447 and a small script for exploiting automatically | https://github.com/davids52/cve-2021-29447_auto-script |
| 22 | None | https://github.com/rdana55/CVE-2021-29447-PoC |