admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2021/CVE-2021-29447.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

145 lines
7.3 KiB
Markdown
Raw Blame History

### [CVE-2021-29447](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29447)
![](https://img.shields.io/static/v1?label=Product&message=wordpress-develop&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%205.6.0%2C%20%3C%205.7.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=%7B%22CWE-611%22%3A%22Improper%20Restriction%20of%20XML%20External%20Entity%20Reference%22%7D&color=brightgreen)
### Description
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
### POC
#### Reference
- http://packetstormsecurity.com/files/163148/XML-External-Entity-Via-MP3-File-Upload-On-WordPress.html
- http://packetstormsecurity.com/files/164198/WordPress-5.7-Media-Library-XML-Injection.html
- https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/
#### Github
- https://github.com/0xRar/CVE-2021-29447-PoC
- https://github.com/0xfke/500-free-TryHackMe-rooms
- https://github.com/0xjukai/Web-security
- https://github.com/0xkarthi/Tryhackme-Roadmap
- https://github.com/0xneobyte/TryHackMe-Learning-Path-From-Beginner-to-Expert
- https://github.com/20142995/nuclei-templates
- https://github.com/5thphlame/Free-Rooms-TryHackMe
- https://github.com/ARESHAmohanad/THM
- https://github.com/ARESHAmohanad/tryhackme
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Abdulaziz-AlZabin/IEEE_Questions
- https://github.com/Abdulazizalsewedy/CVE-2021-29447
- https://github.com/Aijoo100/Aijoo100
- https://github.com/Anogota/MetaTwo
- https://github.com/AnonymousCTF/TryHackMe-Roadmap
- https://github.com/ArtemCyberLab/Project-Project-Chimera-Exploiting-a-Modern-WordPress-XXE-to-Pillage-Secrets-
- https://github.com/AssassinUKG/CVE-2021-29447
- https://github.com/AssassinUKG/Writeups
- https://github.com/BEPb/tryhackme
- https://github.com/Bhagat-CyberWala/TryHackMe-Free-Roadmap
- https://github.com/ButchBytes-sec/TryHackMe
- https://github.com/CybSemiK/RETEX-eJPTv2
- https://github.com/CybVulnHunter/TryhackME_Rooms
- https://github.com/Desofori/Tryhackme-RoadMap
- https://github.com/Dh4v4l8/TRYHACKME-ROOMS
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/FirikiIntelligence/Courses
- https://github.com/G01d3nW01f/CVE-2021-29447
- https://github.com/GibzB/THM-Captured-Rooms
- https://github.com/Grois333/WordPress-Hacking-Penetration-Testing
- https://github.com/H0j3n/EzpzCheatSheet
- https://github.com/Hunterdii/TryHackMe-Roadmap
- https://github.com/Hunterdii/tryhackme-free-rooms
- https://github.com/JMontRod/Pruebecita
- https://github.com/KerFew/TryHackMeFreePath
- https://github.com/Ki11i0n4ir3/CVE-2021-29447
- https://github.com/M3l0nPan/wordpress-cve-2021-29447
- https://github.com/Mangesh-Bhattacharya/TryHackMe-Roadmap
- https://github.com/MinLouisCyber/500-free-TryHackMe-rooms
- https://github.com/Mohammed-Hafeez-99/THM-checklist
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Ossito/pentest-notes
- https://github.com/Pratham-verma/TryHackMe-Roadmap
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/Ruviixx/proyecto-ps
- https://github.com/SYRTI/POC_to_review
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Shayanschakravarthy/tryhackme-free-rooms
- https://github.com/Shinbatsu/awesome-tryhackme
- https://github.com/Shinbatsu/tryhackme-awesome
- https://github.com/SinMaven/BugSauce
- https://github.com/SleepTheGod/WPSploiter
- https://github.com/SpriteCT/TryHackMe
- https://github.com/Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7
- https://github.com/Tom-Riddle-4/IEEE_Questions
- https://github.com/Trivialcorgi/Proyecto-Prueba-PPS
- https://github.com/Val-Resh/CVE-2021-29447-POC
- https://github.com/Valay-2004/THM-Learning-PATH-Beginner-to-Expert-
- https://github.com/VegePizza/TryHackMe
- https://github.com/Vulnmachines/wordpress_cve-2021-29447
- https://github.com/WhooAmii/POC_to_review
- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database
- https://github.com/akyuksel/tryhackme-all-rooms-database
- https://github.com/andyhsu024/CVE-2021-29447
- https://github.com/b-abderrahmane/CVE-2021-29447-POC
- https://github.com/balajiuk14/tryhackmelearningpath
- https://github.com/beycanyildiz/TryHackMeRoadmap
- https://github.com/bhagat8920/TryHackMe-Free-Roadmap
- https://github.com/boniyeamincse/tryhackmefreeroom
- https://github.com/chandanmallick19/TryHackMe
- https://github.com/damarant/CTF
- https://github.com/darksagae/wpscan
- https://github.com/dasarivarunreddy/Tryhackme-RoadMap
- https://github.com/dasarivarunreddy/free-rooms-tryhackme
- https://github.com/dnr6419/CVE-2021-29447
- https://github.com/edwinantony1995/Tryhackme
- https://github.com/elf1337/blind-xxe-controller-CVE-2021-29447
- https://github.com/fardeen-ahmed/Bug-bounty-Writeups
- https://github.com/hidayat-tanjung/Sql-Scanner
- https://github.com/imsalimansari/Try-Hack-Me-Roadmap
- https://github.com/insecrez/Bug-bounty-Writeups
- https://github.com/ishowcybersecurity/TryHackMe-Beginner-Roadmap
- https://github.com/jaspreet-infosec/TryHackMe-Roadmap
- https://github.com/k46th1/Tryhackme-Roadmap
- https://github.com/k4r7h1kn/Tryhackme-Roadmap
- https://github.com/k4r7hx/Tryhackme-Roadmap
- https://github.com/krazystar55/tryhackme
- https://github.com/lineeralgebra/My-Favorite-Boxes
- https://github.com/magicrc/CVE-2021-29447
- https://github.com/mauzware/THM-CTFs
- https://github.com/mega8bit/exploit_cve-2021-29447
- https://github.com/motikan2010/CVE-2021-29447
- https://github.com/motikan2010/blog.motikan2010.com
- https://github.com/n0-traces/cve_monitor
- https://github.com/nanasarpong024/tryhackme
- https://github.com/nguyenngocdung18/tryhackme
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/ochysbliss/My-Tryhackme-
- https://github.com/omaradds1/THM
- https://github.com/pakkiraja/TryHackMe_Modules
- https://github.com/pentestfunctions/thm-room-points
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/ready-man/cms
- https://github.com/reptile0bug/Tryhackme-RoadMap
- https://github.com/rishabatra1802/TryHackMe_FreeRooms
- https://github.com/rng70/TryHackMe-Roadmap
- https://github.com/sengpakrenha/tryhackeme
- https://github.com/soosmile/POC
- https://github.com/specializzazione-cyber-security/demo-CVE-2021-29447-lezione
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/tharushkadinujaya05/TryHackMe-Learning-Path-From-Beginner-to-Expert
- https://github.com/thebugbounter/TryHackMe-Roadmap
- https://github.com/thesakibrahman/THM-Free-Room
- https://github.com/thmrevenant/tryhackme
- https://github.com/thomas-osgood/CVE-2021-29447
- https://github.com/trhacknon/Pocingit
- https://github.com/tzwlhack/Vulnerability
- https://github.com/ultrew/TryHackMe-lab-index
- https://github.com/uttambodara/TryHackMeRoadmap
- https://github.com/viardant/CVE-2021-29447
- https://github.com/x00tex/hackTheBox
- https://github.com/xAKSx/TryHackMe
- https://github.com/zecool/cve
- https://github.com/zeroch1ll/cve-2021-29447
- https://github.com/zhanpengliu-tencent/medium-cve
- https://github.com/zulloper/cve-poc
Reference in New Issue View Git Blame Copy Permalink