Vulnerability Title
Jupiter X Core <= 4.8.7 Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution) Vulnerability
Vulnerability Description
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 4.8.7, which can further lead to Remote Code Execution. An attacker can use the plugin's get_svg() function to include and execute arbitrary files on the server, thereby executing any PHP code contained in those files. This allows authenticated attackers with Contributor-level access and above to bypass access controls, obtain sensitive data, or achieve code execution. Specifically, an attacker can create a form that allows SVG uploads, upload an SVG file with malicious content, and then include that SVG file in a post to achieve remote code execution. This means that, by default, it is relatively easy for users with Contributor-level access and above to gain remote code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerability Title
Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution)
Vulnerability Description
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. In this specific case, an attacker can create a form that allows SVG uploads, upload an SVG file with malicious content and then include the SVG file in a post to achieve remote code execution. This means it is relatively easy to gain remote code execution as a contributor-level user and above by default.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Vulnerability Category
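As an added illustration (not code from Jupiter X Core; the plugin's real get_svg() is not reproduced on this page), the PHP below contrasts the include-based pattern that both descriptions above attribute to get_svg() with a hardened reader that confines the path to one directory, requires a .svg extension and an SVG document structure, and never passes the file to include. SVG_BASE_DIR, get_svg_unsafe and get_svg_safe are assumed names chosen for this example.

```php
<?php
// Added example, not the plugin's own code. Models the general
// "include an attacker-influenced path" pattern and one way to fix it.

// Constructed: the only directory from which SVG assets may be served.
const SVG_BASE_DIR = __DIR__ . '/assets/svg';

// VULNERABLE pattern (illustrative): an attacker-influenced path reaches
// include, so any PHP embedded in the "SVG" file is executed.
function get_svg_unsafe(string $path): string
{
    ob_start();
    include $path;                 // executes PHP contained in the file
    return (string) ob_get_clean();
}

// HARDENED pattern: confine, validate, and read as inert text.
function get_svg_safe(string $name): ?string
{
    // Reject null bytes, traversal sequences, backslashes and stream wrappers.
    if ($name === '' || str_contains($name, "\0")
        || preg_match('#(\.\./|\\\\|://)#', $name)) {
        return null;
    }
    $base = realpath(SVG_BASE_DIR);
    $full = realpath(SVG_BASE_DIR . '/' . $name);
    if ($base === false || $full === false) {
        return null;               // directory or file does not exist
    }
    // After symlink resolution the file must still sit under the base dir.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    if (strtolower(pathinfo($full, PATHINFO_EXTENSION)) !== 'svg') {
        return null;
    }
    $data = file_get_contents($full);   // read bytes; never include()
    if ($data === false) {
        return null;
    }
    // Defense in depth: refuse any processing instruction other than the
    // XML declaration (e.g. "<?php"), even though reading instead of
    // including already leaves such content inert.
    if (preg_match('/<\?(?!xml\b)/i', $data)) {
        return null;
    }
    // The content must parse as XML with an <svg> root; LIBXML_NONET blocks
    // network fetches during parsing.
    $prev = libxml_use_internal_errors(true);
    $doc  = simplexml_load_string($data, 'SimpleXMLElement', LIBXML_NONET);
    libxml_use_internal_errors($prev);
    if ($doc === false || $doc->getName() !== 'svg') {
        return null;
    }
    return $data;
}

// Example call: a caller that embeds the result still escapes or sanitizes
// it for the output context; this function only guarantees the file is
// confined, is an SVG document, and was not executed.
var_dump(get_svg_safe('icon.svg') !== null);
```

The key design choice is that the safe variant returns the file's bytes instead of evaluating them: the extension and XML checks narrow what can be served, but it is the absence of include/require on a user-influenced path that removes the code-execution outcome the advisory describes. In a WordPress context the caller would additionally enforce capability checks on who may upload and reference such files, which this snippet does not model.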