CVE-2018-12895 PoC — WordPress 路径遍历漏洞

Source

https://github.com/bloom-ux/cve-2018-12895-hotfix

Associated Vulnerability

Title:WordPress 路径遍历漏洞 (CVE-2018-12895)
Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 4.9.6及之前版本中的wp-admin/post.php文件的‘wp-admin/post.php’函数存在目录遍历漏洞，该漏洞源于程序没有验证文件名称。攻击者可利用该漏洞删除任意的WordPress安装文件，执行任意代码。

Description

Hotfix for file deletion to to code execution vulnerability in WordPress

File Snapshot


 [4.0K]  /data/pocs/3560ef48bf7d33e740e21c643d6b9e7534f8bdb3
├── [ 482]  composer.json
├── [5.1K]  composer.lock
└── [ 534]  cve-2018-12895-hotfix.php

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!