I. Basic Information for Vulnerability CVE-2021-39317
Vulnerability Information


Vulnerability Title
AccessPress Themes - Authenticated Malicious File Upload
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. The complete list of affected products and their versions are below:

WordPress Plugin:
AccessPress Demo Importer <=1.0.6

WordPress Themes:
accesspress-basic <= 3.2.1
accesspress-lite <= 2.92
accesspress-mag <= 2.6.5
accesspress-parallax <= 4.5
accesspress-root <= 2.5
accesspress-store <= 2.4.9
agency-lite <= 1.1.6
arrival <= 1.4.2
bingle <= 1.0.4
bloger <= 1.2.6
brovy <= 1.3
construction-lite <= 1.2.5
doko <= 1.0.27
edict-lite <= 1.1.4
eightlaw-lite <= 2.1.5
eightmedi-lite <= 2.1.8
eight-sec <= 1.1.4
eightstore-lite <= 1.2.5
enlighten <= 1.3.5
fotography <= 2.4.0
opstore <= 1.4.3
parallaxsome <= 1.3.6
punte <= 1.1.2
revolve <= 1.3.1
ripple <= 1.2.0
sakala <= 1.0.4
scrollme <= 2.1.0
storevilla <= 1.4.1
swing-lite <= 1.1.9
the100 <= 1.1.2
the-launcher <= 1.3.2
the-monday <= 1.4.1
ultra-seven <= 1.2.8
uncode-lite <= 1.3.3
vmag <= 1.2.7
vmagazine-lite <= 1.3.5
vmagazine-news <= 1.0.5
wpparallax <= 2.0.6
wp-store <= 1.1.9
zigcy-baby <= 1.0.6
zigcy-cosmetics <= 1.0.5
zigcy-lite <= 2.0.9
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Improper Authorization
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
WordPress Code Issue Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
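WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. uninstall is a plugin used with it to completely uninstall WordPress. A WordPress plugin has a code issue vulnerability, which stems from a missing capability check in the plugin_offline_installer_callback function found in ~/inc/demo-functions of the Access Demo Importer plugin. It is susceptible via plugin_off
Source: China National Vulnerability Database of Information Security (CNNVD)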
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Affected Products

| Vendor | Product | Affected Versions | CPE |
| --- | --- | --- | --- |
| AccessPress Themes | Access Demo Importer | 1.0.6 ~ 1.0.6 | - |
| AccessPress Themes | accesspress-basic | 3.2.1 ~ 3.2.1 | - |
| AccessPress Themes | accesspress-lite | 2.9.2 ~ 2.9.2 | - |
| AccessPress Themes | accesspress-mag | 2.6.5 ~ 2.6.5 | - |
| AccessPress Themes | accesspress-parallax | 4.5 ~ 4.5 | - |
| AccessPress Themes | accesspress-root | 2.5 ~ 2.5 | - |
| AccessPress Themes | accesspress-store | 2.4.9 ~ 2.4.9 | - |
| AccessPress Themes | agency-lite | 1.1.6 ~ 1.1.6 | - |
| AccessPress Themes | arrival | 1.4.2 ~ 1.4.2 | - |
| AccessPress Themes | bingle | 1.0.4 ~ 1.0.4 | - |
| AccessPress Themes | bloger | 1.2.6 ~ 1.2.6 | - |
| AccessPress Themes | brovy | 1.3 ~ 1.3 | - |
| AccessPress Themes | construction-lite | 1.2.5 ~ 1.2.5 | - |
| AccessPress Themes | doko | 1.0.27 ~ 1.0.27 | - |
| AccessPress Themes | edict-lite | 1.1.4 ~ 1.1.4 | - |
| AccessPress Themes | enlighten | 1.3.5 ~ 1.3.5 | - |
| AccessPress Themes | fotography | 2.4.0 ~ 2.4.0 | - |
| AccessPress Themes | opstore | 1.4.3 ~ 1.4.3 | - |
| AccessPress Themes | parallaxsome | 1.3.6 ~ 1.3.6 | - |
| AccessPress Themes | punte | 1.1.2 ~ 1.1.2 | - |
| AccessPress Themes | revolve | 1.3.1 ~ 1.3.1 | - |
| AccessPress Themes | ripple | 1.2.0 ~ 1.2.0 | - |
| AccessPress Themes | sakala | 1.0.4 ~ 1.0.4 | - |
| AccessPress Themes | scrollme | 2.1.0 ~ 2.1.0 | - |
| AccessPress Themes | storevilla | 1.4.1 ~ 1.4.1 | - |
| AccessPress Themes | swing-lite | 1.1.9 ~ 1.1.9 | - |
| AccessPress Themes | the100 | 1.1.2 ~ 1.1.2 | - |
| AccessPress Themes | the-launcher | 1.3.2 ~ 1.3.2 | - |
| AccessPress Themes | the-monday | 1.4.1 ~ 1.4.1 | - |
| AccessPress Themes | ultra-seven | 1.2.8 ~ 1.2.8 | - |
| AccessPress Themes | uncode-lite | 1.3.3 ~ 1.3.3 | - |
| AccessPress Themes | vmag | 1.2.7 ~ 1.2.7 | - |
| AccessPress Themes | vmagazine-lite | 1.3.5 ~ 1.3.5 | - |
| AccessPress Themes | vmagazine-news | 1.0.5 ~ 1.0.5 | - |
| AccessPress Themes | wpparallax | 2.0.6 ~ 2.0.6 | - |
| AccessPress Themes | wp-store | 1.1.9 ~ 1.1.9 | - |
| AccessPress Themes | zigcy-baby | 1.0.6 ~ 1.0.6 | - |
| AccessPress Themes | zigcy-cosmetics | 1.0.5 ~ 1.0.5 | - |
| AccessPress Themes | zigcy-lite | 2.0.9 ~ 2.0.9 | - |
II. Public PoCs for Vulnerability CVE-2021-39317

No public PoC found.

III. Intelligence Information for Vulnerability CVE-2021-39317
IV. Comments on Vulnerability CVE-2021-39317

No comments yet.

