CVE-2018-20985 PoC — WordPress wp-payeezy-pay plugin input validation error vulnerability

Source
Associated Vulnerability
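Title: WordPress wp-payeezy-pay plugin input validation error vulnerability (CVE-2018-20985)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. wp-payeezy-pay is an online secure payment form plugin used with it. The pay.php, donate.php, donate-rec and pay-rec files in versions of the WordPress wp-payeezy-pay plugin before 2.98 contain a local file inclusion vulnerability. No further information about this vulnerability is currently available; please follow announcements from CNNVD or the vendor.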
Description
WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
File Snapshot

id: CVE-2018-20985
info:
  name: WordPress Payeezy Pay <=2.97 - Local File Inclusion
  author: daff
...