Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-11738 PoC — WordPress Snap Creek Duplicator和Duplicator Pro 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-11738.yaml
Associated Vulnerability
Title:WordPress Snap Creek Duplicator和Duplicator Pro 路径遍历漏洞 (CVE-2020-11738)
Description:The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
Description
WordPress Duplicator 1.3.24 & 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two
versions v1.3.24 and v1.3.26, the vulnerability wasn't
present in versions 1.3.22 and before.
File Snapshot

 id: CVE-2020-11738

info:
  name: WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
  auth

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →