支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2021-38314 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Gutenberg Template Library & Redux Framework <= 4.2.11 Sensitive Information Disclosure
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
信息暴露
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
WordPress 插件安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress 插件是WordPress开源的一个应用插件。 WordPress Plugin 存在安全漏洞,该漏洞源于 The Gutenberg Template Library & Redux Framework 的未经身份验证的敏感信息披露。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
Redux.ioGutenberg Template Library & Redux Framework 4.2.11 ~ 4.2.11 -
二、漏洞 CVE-2021-38314 的公开POC
#POC 描述源链接神龙链接
1 Unauthenticated Sensitive Information Disclosure (CVE-2021–38314).https://github.com/orangmuda/CVE-2021-38314POC详情
2Nonehttps://github.com/phrantom/cve-2021-38314POC详情
3Nonehttps://github.com/shubhayu-64/CVE-2021-38314POC详情
4cve-2021-38314 - Unauthenticated Sensitive Information Disclosurehttps://github.com/twseptian/cve-2021-38314POC详情
5Python exploit for CVE-2021-38314https://github.com/c0ff33b34n/CVE-2021-38314POC详情
6CVE-2021-38314 Python Exploithttps://github.com/akhilkoradiya/CVE-2021-38314POC详情
7Exploit in python3 to explore CVE-2021-38314 in Redux Framework a wordpress plugin https://github.com/0xGabe/CVE-2021-38314POC详情
8WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 hash of the site URL with a known salt value of -redux and an md5 hash of the previous hash with a known salt value of -support. An attacker can potentially employ these AJAX actions to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of the site's AUTH_KEY concatenated with the SECURE_AUTH_KEY.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-38314.yamlPOC详情
9Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/WordPress%20Redux%20Framework%20class-redux-helpers.php%20%E6%95%8F%E6%84%9F%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E%20CVE-2021-38314.mdPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2021-38314 的情报信息
Please 登录 to view more intelligence information
四、漏洞 CVE-2021-38314 的评论

暂无评论

发表评论