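Related vulnerability
Title: WordPress plugin Frontend File Manager code issue vulnerability (CVE-2016-15042)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP. The platform supports hosting personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Frontend File Manager version 4.0 and N-Media Post Front-end Form version 1.1 contain a code issue vulnerability, which stems from nm_filemanager_upload_file and nm_postfron
Description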
CVE-2016-15042 lab: Dockerized WordPress PoC for unauthenticated file upload in Frontend File Manager <4.0 and N‑Media Post Front‑end Form <1.1
Introduction
# CVE-2016-15042 – WordPress Frontend File Manager & N‑Media Post Front‑end Form Unauthenticated File Upload (PoC Lab)
Fully reproducible, Dockerized lab to validate and demonstrate CVE-2016-15042:
- Frontend File Manager (`nmedia-user-file-uploader`) v3.7 (vulnerable < 4.0)
- N‑Media Post Front‑end Form (`wp-post-frontend`) v1.0 (vulnerable < 1.1)
This repo provides a one-command setup, verification steps with Nuclei, and artifacts for reviewers. Keywords: WordPress, CVE-2016-15042, unauthenticated file upload, arbitrary file upload, PoC, security lab, Docker.
## Requirements
- Docker + Docker Compose plugin
- curl
- Nuclei (optional, for verification)
## Quick start
```bash
./scripts/setup.sh
```
Once finished:
- WordPress: <http://localhost:8090>
- Admin: admin / admin
- Public user: publicuser / publicpass
## Verify the vulnerability with Nuclei (debug enabled)
Option A: Download the template locally into this lab folder and run it.
```bash
curl -sL "https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/http/cves/2016/CVE-2016-15042.yaml" -o ./CVE-2016-15042.yaml
nuclei -t ./CVE-2016-15042.yaml -u http://localhost:8090 -debug -vv \
| tee ./debug/CVE-2016-15042-debug.txt
```
Option B: If you have the templates repo locally, run the template by path:
```bash
nuclei -t /path/to/nuclei-templates/http/cves/2016/CVE-2016-15042.yaml -u http://localhost:8090 -debug -vv \
| tee ./debug/CVE-2016-15042-debug.txt
```
The debug output file is stored at `./debug/CVE-2016-15042-debug.txt` for reviewers.
## What this lab does
- Boots a clean WordPress with the two vulnerable plugins
- Configures guest uploads for Frontend File Manager for reliable unauthenticated testing
- Exposes WordPress on `localhost:8090`
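
To check whether an existing site carries either plugin in the affected range listed at the top of this README, the following added example (not part of this repo) reads each plugin's `Version:` header and compares it with the fixed versions 4.0 and 1.1. The plugins directory path and the header layout are assumptions.

```bash
#!/bin/sh
# Added example (not from this repo): flag the two plugins when the installed
# version is in the range the README lists as vulnerable. Assumed layout:
# <plugins_dir>/<slug>/*.php carrying a "Version: x.y" plugin header.

# version_lt A B: succeeds when dotted-numeric version A is lower than B.
version_lt() {
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*} y=${b%%.*}
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
  done
  return 1   # equal versions are not "lower"
}

# plugin_version DIR: print the first Version header in DIR's top-level PHP files.
plugin_version() {
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' \
    "$1"/*.php 2>/dev/null | head -n 1
}

# check_plugin PLUGINS_DIR SLUG FIXED: 0 = absent or fixed, 1 = vulnerable, 2 = unknown.
check_plugin() {
  dir=$1/$2
  [ -d "$dir" ] || { echo "$2: not installed"; return 0; }
  ver=$(plugin_version "$dir")
  if [ -z "$ver" ]; then echo "$2: version unknown, review manually"; return 2; fi
  if version_lt "$ver" "$3"; then echo "$2 $ver: VULNERABLE (< $3)"; return 1; fi
  echo "$2 $ver: ok (>= $3)"
}

# audit_plugins PLUGINS_DIR: non-zero when either plugin needs attention.
audit_plugins() {
  rc=0
  check_plugin "$1" nmedia-user-file-uploader 4.0 || rc=1
  check_plugin "$1" wp-post-frontend 1.1 || rc=1
  return "$rc"
}

# Usage: sh check_plugins.sh /var/www/html/wp-content/plugins
if [ "$#" -gt 0 ]; then audit_plugins "$1"; fi
```

A non-zero exit status means at least one plugin is in the vulnerable range or its version could not be read.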
## Notes
- If ports or credentials collide in your setup, edit `docker-compose.yml` and re-run the script.
- Artifacts are kept under `./debug/` for easy PR review.
## References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2016-15042
- Plugin Vulnerabilities (Frontend File Manager): https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-front-end-file-upload-and-manager-plugin/
- Plugin Vulnerabilities (N‑Media Post Front‑end Form): https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-post-front-end-form/
File snapshot
```
[4.0K] /data/pocs/c42cbc0a7731d94050915fdb6496bc1d2a4ac18b
├── [4.0K] debug
│   └── [ 645] CVE-2016-15042-debug.txt
├── [1.0K] docker-compose.yml
├── [4.0K] plugins
├── [2.3K] README.md
└── [4.0K] scripts
    └── [2.2K] setup.sh

3 directories, 4 files
```