Platform: wordpress
Component: busiprof
Fixed version: 2.5.3
CVE-2026-39619 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Busiprof, a software component. By tricking an authenticated user into submitting a forged request, an attacker can have a malicious web shell uploaded to the web server, potentially leading to complete system compromise. The vulnerability affects versions from 0.0.0 through 2.5.2, and a patch is available in version 2.5.3.
The primary impact of CVE-2026-39619 is the ability for an attacker to execute arbitrary code on the affected web server. By leveraging the CSRF vulnerability, an attacker can trick a legitimate user into unknowingly triggering the web shell upload. Once the web shell is deployed, the attacker gains remote code execution capabilities, enabling them to modify files, steal sensitive data, install malware, or pivot to other systems on the network. The blast radius extends to any data stored or processed by the web server, and the attacker could potentially gain full control of the underlying infrastructure.
The vulnerability was published on 2026-04-08. Exploitation context is currently limited, and no public Proof-of-Concept (PoC) code has been widely reported. The CVSS score of 9.6 (CRITICAL) indicates a high probability of exploitation if the vulnerability is exposed. Remediation should be prioritized because of the potential for severe consequences.
Exploit status
EPSS: 0.02% (5th percentile)
CVSS vector
The recommended mitigation for CVE-2026-39619 is to immediately upgrade Busiprof to version 2.5.3 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as strict input validation on file upload endpoints and implementing CSRF protection mechanisms like double-submit cookies or SameSite cookies. Web Application Firewalls (WAFs) configured to detect and block suspicious file uploads can also provide a layer of defense. Monitor web server logs for unusual file uploads or execution attempts.
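To make the workaround concrete, the following is an added example of a hardened WordPress AJAX upload handler that applies the protections the mitigation text describes: a per-user nonce check against CSRF, a capability check, and an allowlist of file types so that a web shell cannot be stored. It is illustrative code written for this page, not Busiprof's own code; the hook name `example_theme_upload`, the nonce action name and the handler function name are hypothetical.

```php
<?php
// Added example (not Busiprof's own code): a hardened WordPress AJAX upload
// handler. Hook, action, nonce and function names are hypothetical.

// Only the authenticated hook is registered; there is deliberately no
// 'wp_ajax_nopriv_' variant, so anonymous visitors never reach the handler.
add_action( 'wp_ajax_example_theme_upload', 'example_theme_handle_upload' );

function example_theme_handle_upload() {
    // CSRF protection: the request must carry a nonce minted for this action
    // and this user (wp_create_nonce( 'example_theme_upload' ) on the page).
    // A forged cross-site request cannot obtain that value, and
    // check_ajax_referer() terminates the request if it is missing or invalid.
    check_ajax_referer( 'example_theme_upload', '_wpnonce' );

    // Authorization: even a valid nonce is not enough; the user must be
    // allowed to upload media at all.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file received', 400 );
    }

    // Input validation: accept only image types, and require the extension
    // and the file contents to agree, so a .php payload (or a double
    // extension such as image.php.jpg) is rejected before it is stored.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    $check = wp_check_filetype_and_ext(
        $_FILES['file']['tmp_name'],
        $_FILES['file']['name'],
        $allowed
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // Let WordPress move the file into the uploads directory with its own
    // MIME enforcement as a second layer; 'test_form' is false because this
    // is an AJAX request rather than a classic form POST.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['file'],
        array(
            'test_form' => false,
            'mimes'     => $allowed,
        )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

The order of the checks matters: the nonce and capability checks run before any file is touched, so a forged request is rejected without doing any work, and the type allowlist is enforced twice (once by `wp_check_filetype_and_ext()` and again by `wp_handle_upload()`), which is the layered defense the mitigation paragraph recommends when an upgrade to 2.5.3 cannot be applied immediately.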
No known fix patch exists. Review the vulnerability details carefully and implement mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find an alternative.
CVE-2026-39619 is a critical Cross-Site Request Forgery (CSRF) vulnerability in Busiprof versions 0.0.0–2.5.2. It allows attackers to upload a web shell, potentially leading to remote code execution.
Yes, if you are running Busiprof versions 0.0.0 through 2.5.2, you are affected by this vulnerability. Immediately assess your systems and apply the necessary updates.
The recommended fix is to upgrade Busiprof to version 2.5.3 or later. If upgrading is not possible, implement temporary workarounds like input validation and CSRF protection.
While no widespread exploitation has been publicly reported, the high CVSS score indicates a high probability of exploitation. Proactive remediation is strongly advised.
Refer to the Busiprof official website or security advisory channels for the most up-to-date information and guidance regarding CVE-2026-39619.