漏洞描述
WordPres 默认配置安装的 Brick Builder 主题在低于<= 1.9.6版本中存在远程代码执行漏洞,是由"prepare_query_vars_from_settings "函数中的一个 eval 函数错误调用导致的,未经身份验证的威胁攻击者可利用该函数执行任意PHP 代码,写入后门文件获取服务器权限。
WordPres Bricks Builder 前台RCE漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2018-7765: Schneider Electric U.motion Builder - SQL Injection
- POC CVE-2024-29137: WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting
- POC wordpress-meta-box-fpd: WordPress Meta Box - Full Path Disclosure
- POC wp-add-search-to-menu-fpd: WordPress Ivory Search - Full Path Disclosure
- POC wp-advanced-iframe-fpd: WordPress Advanced iFrame - Full Path Disclosure
- POC wp-advanced-responsive-video-embedder-fpd: WordPress Advanced Responsive Video Embedder - Full Path Disclosure
- POC wp-ajax-load-more-anything-fpd: WordPress Load More Anything - Full Path Disclosure
- POC wp-ajax-search-lite-fpd: WordPress Ajax Search Lite - Full Path Disclosure
- POC wp-all-in-one-seo-pack-fpd: WordPress All in One SEO Pack - Full Path Disclosure
- POC wp-astra-fpd: WordPress Astra - Full Path Disclosure
- POC wp-better-wp-security-fpd: WordPress Plugin iThemes Security - Full Path Disclosure
- POC wp-call-now-button-fpd: WordPress Call Now Button - Full Path Disclosure
- POC wp-contact-form-7-fpd: WordPress Contact Form 7 - Full Path Disclosure