google · hh-hunter · Feb 8, 2025 · Feb 8, 2025 · Feb 8, 2025 · Feb 8, 2025
diff --git a/wordpress/cve-2021-39316/README.md b/wordpress/cve-2021-39316/README.md
@@ -0,0 +1,13 @@
+# WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated CVE-2021-39316)
+
+The vulnerability allows a remote attacker to perform directory traversal attacks.
+The vulnerability exists due to input validation error when processing directory traversal sequences in the "link" parameter in the "dzsap_download" action. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
+
+# Docker-compose
+
+You can deploy the vulnerable version of WordPress Plugin DZS Zoomsounds by running in docker-compose:
+```
+docker-compose -f docker-compose.yml up
+```
+It takes several minutes to wait for the service to be accessed normally, and the exposed web service port is [8080].
+
diff --git a/wordpress/cve-2021-39316/docker-compose.yml b/wordpress/cve-2021-39316/docker-compose.yml
@@ -0,0 +1,23 @@
+version: '3.1'
+services:
+  wordpress:
+    image: ghcr.io/hh-hunter/cve202139316:latest
+    restart: always
+    ports:
+      - 8080:80
+    environment:
+      WORDPRESS_DB_HOST: db
+      WORDPRESS_DB_USER: exampleuser
+      WORDPRESS_DB_PASSWORD: examplepass
+      WORDPRESS_DB_NAME: exampledb
+  db:
+    image: mysql:5.7
+    restart: always
+    environment:
+      MYSQL_DATABASE: exampledb
+      MYSQL_USER: exampleuser
+      MYSQL_PASSWORD: examplepass
+      MYSQL_ROOT_PASSWORD: '1'
+    volumes:
+      - ./db:/var/lib/mysql
+      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
diff --git a/wordpress/cve-2021-39316/init.sql b/wordpress/cve-2021-39316/init.sql