# File Away <= 3.9.9.0.1 - 缺乏授权导致未认证的任意文件读取
## 漏洞概述
File Away插件对于所有版本到并包括3.9.9.0.1的WordPress存在未经授权的数据访问漏洞。这是因为`ajax()`函数缺少能力检查,导致未认证的攻击者可以利用可逆的弱算法读取服务器上的任意文件,从而获取敏感信息。
## 影响版本
- 所有版本至包括3.9.9.0.1
## 漏洞细节
- **问题位置**:`ajax()`函数缺少能力检查。
- **利用方式**:未认证攻击者可以通过利用可逆的弱算法读取服务器上的任意文件。
## 影响
- 未认证攻击者可以读取服务器上的任意文件,这些文件可能包含敏感信息。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-2539.yaml | POC详情 |
| 2 | File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read | https://github.com/verylazytech/CVE-2025-2539 | POC详情 |
| 3 | Unauthenticated Arbitrary File Read exploit for WordPress File Away Plugin ≤ 3.9.9.0.1 | https://github.com/RootHarpy/CVE-2025-2539 | POC详情 |
| 4 | CVE-2025-2539 - WordPress File Away <= 3.9.9.0.1 - Arbitrary File Read | https://github.com/Yucaerin/CVE-2025-2539 | POC详情 |
| 5 | None | https://github.com/d4rkh0rse/CVE-2025-2539 | POC详情 |
暂无评论