google · hh-hunter · Feb 8, 2025 · Feb 8, 2025 · Feb 8, 2025
diff --git a/wordpress/cve-2021-24499/README.md b/wordpress/cve-2021-24499/README.md
@@ -0,0 +1,15 @@
+# WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution (CVE-2021-24499)
+
+The Workreap WordPress theme version prior to 2.2.2 is plagued by a lack of nonce checks and user validation, enabling unauthenticated users to upload arbitrary files with malicious executable code.
+The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
+
+
+
+# Docker-compose
+
+You can deploy the vulnerable version of WordPress Plugin DZS Zoomsounds by running in docker-compose:
+```
+docker-compose -f docker-compose.yml up
+```
+It takes several minutes to wait for the service to be accessed normally, and the exposed web service port is [8080].
+
diff --git a/wordpress/cve-2021-24499/docker-compose.yml b/wordpress/cve-2021-24499/docker-compose.yml
@@ -0,0 +1,23 @@
+version: '3.1'
+services:
+  wordpress:
+    image: ghcr.io/hh-hunter/cve202124499:latest
+    restart: always
+    ports:
+      - 8080:80
+    environment:
+      WORDPRESS_DB_HOST: db
+      WORDPRESS_DB_USER: exampleuser
+      WORDPRESS_DB_PASSWORD: examplepass
+      WORDPRESS_DB_NAME: exampledb
+  db:
+    image: mysql:5.7
+    restart: always
+    environment:
+      MYSQL_DATABASE: exampledb
+      MYSQL_USER: exampleuser
+      MYSQL_PASSWORD: examplepass
+      MYSQL_ROOT_PASSWORD: '1'
+    volumes:
+      - ./db:/var/lib/mysql
+      - ./init.sql:/docker-entrypoint-initdb.d/init.sql