
POC details: 5eff6f6260b22c2cd0f06601c0d1e1262e3c3dfb

Source
Related vulnerability
Title: WordPress plugin Event Manager, Events Calendar, Tickets, Registrations – Eventin security vulnerability (CVE-2025-3419)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it lets users set up a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application plugin. WordPress plugin Event Manager, Events Calendar, Tickets, Registrations – Eventin versions 4.0.26 and earlier contain a security vulnerability, which stems from the proxy_image function possibly allowing an unauthenticated attacker
Description
The Eventin plugin (<= 4.0.26) for WordPress contains an unauthenticated arbitrary file read vulnerability
Introduction
# CVE-2025-3419 - WordPress Eventin <= 4.0.26 - Arbitrary File Read

🔥 **Vulnerability Summary**

The Eventin plugin (<= 4.0.26) for WordPress contains an unauthenticated arbitrary file read vulnerability in the `proxy_image()` function. Attackers exploit insufficient input validation by manipulating the `url` parameter to fetch server files (e.g., `/etc/passwd`, `wp-config.php`). The function fails to restrict access to local file paths, allowing directory traversal (e.g., `../../`). This exposes sensitive data like database credentials, API keys, and system files. The flaw stems from missing sanitization checks before file operations.

🔍 **Affected Plugin**
- Plugin Name: Eventin
- Affected Version: <= 4.0.26
- Vulnerability Type: Unauthenticated Arbitrary File Read
- CVE ID: CVE-2025-3419
- CVSS Score: 9.8 (Critical)
- Impact: Sensitive File Disclosure

🧪 **Exploit Features**
- ✅ Automatically sends file read request to `?action=proxy_image&url=file:///etc/passwd`
- 🔎 Detects presence of `/etc/passwd` via keyword `root:x:0:0:`
- 🧠 Checks server header (`Apache` or `Nginx`)
- 💾 Saves:
  - All vulnerable targets to `result.txt`
  - Apache-based servers to `passwd_server_apache.txt`
  - Nginx-based servers to `passwd_server_nginx.txt`
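A defender-side counterpart to the request pattern above, added here as an example and not part of the PoC repository: it scans Apache/Nginx combined-format access-log lines and flags `action=proxy_image` requests whose `url` parameter carries a non-HTTP scheme (such as `file://`) or a traversal sequence. The log lines, client addresses and request paths are constructed for the example.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2025:12:00:01 +0000] "GET /?action=proxy_image&url=file:///etc/passwd HTTP/1.1" 200 1843 "-" "python-requests/2.31"
203.0.113.5 - - [10/Apr/2025:12:00:02 +0000] "GET /?action=proxy_image&url=file%3A%2F%2F%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 2931 "-" "curl/8.4"
198.51.100.9 - - [10/Apr/2025:12:00:03 +0000] "GET /?action=proxy_image&url=https://cdn.example.com/banner.png HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2025:12:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 4200 "-" "Mozilla/5.0"
"""

# Pulls the method and request target out of the quoted request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def classify_request(target: str) -> Optional[str]:
    """Return a finding label for a single request target, or None if benign."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if query.get("action") != ["proxy_image"]:
        return None
    for raw in query.get("url", []):
        # parse_qs already decoded one layer; a second unquote catches double encoding.
        value = unquote(raw)
        scheme = urlsplit(value).scheme.lower()
        if scheme not in ("http", "https"):
            # A remote-image proxy has no business fetching anything but http(s).
            return f"non-http scheme {scheme or '(none)'!r} passed to proxy_image"
        if "../" in value or "..\\" in value:
            return "traversal sequence in proxy_image url"
    return None


def scan_log(text: str) -> List[Dict[str, str]]:
    """Run classify_request over every log line; return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        label = classify_request(match.group("target"))
        if label:
            findings.append({"client": line.split(" ", 1)[0],
                             "target": match.group("target"),
                             "finding": label})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['client']}  {finding['finding']}  {finding['target']}")
```

A 200 response with a body size in the hundreds of bytes on such a request is the signal that the read succeeded; an HTTP status or size check can be layered on the same parse.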

🚀 **Usage**
1. Create a `list.txt` file containing target domains (one per line, without `http://` or `https://`)
   ```
   example.com
   site123.org
   ```

2. Run the script:
   ```bash
   python3 cve_2025_3419_checker.py
   ```

📁 **Output**
- `result.txt`: List of sites leaking `/etc/passwd`
- `passwd_server_apache.txt`: Apache servers vulnerable
- `passwd_server_nginx.txt`: Nginx servers vulnerable

🧠 **Researcher**
Credit: [DailyCVE](https://dailycve.com/wordpress-arbitrary-file-read-cve-2025-3419-critical/)

🔒 **Disclaimer:**  
This tool is for educational and authorized testing purposes only. Do not use against targets you do not have permission to assess.
File snapshot

[4.0K] /data/pocs/5eff6f6260b22c2cd0f06601c0d1e1262e3c3dfb
├── [2.2K] CVE-2025-3419.py
└── [1.9K] README.md

0 directories, 2 files
Cached for you by the Shenlong bot
Notes
    1. Prefer accessing the POC through the original source.
    2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating towards the local POC. Thank you for your support.