平台
wordpress
组件
busiprof
修复版本
2.5.3
CVE-2026-39619 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Busiprof, a software component. This vulnerability allows an attacker to upload a malicious web shell to a web server, potentially leading to complete system compromise. The vulnerability affects versions from 0.0.0 through 2.5.2, and a patch is available in version 2.5.3.
The primary impact of CVE-2026-39619 is the ability for an attacker to execute arbitrary code on the affected web server. By leveraging the CSRF vulnerability, an attacker can trick a legitimate user into unknowingly triggering the web shell upload. Once the web shell is deployed, the attacker gains remote code execution capabilities, enabling them to modify files, steal sensitive data, install malware, or pivot to other systems on the network. The blast radius extends to any data stored or processed by the web server, and the attacker could potentially gain full control of the underlying infrastructure.
The vulnerability was published on 2026-04-08. Exploitation context is currently limited, and no public Proof-of-Concept (POC) code has been widely reported. The CVSS score of 9.6 (CRITICAL) indicates a high probability of exploitation if the vulnerability is exposed. It is recommended to prioritize remediation due to the potential for severe consequences.
漏洞利用状态
EPSS
0.02% (5% 百分位)
CVSS 向量
The recommended mitigation for CVE-2026-39619 is to immediately upgrade Busiprof to version 2.5.3 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as strict input validation on file upload endpoints and implementing CSRF protection mechanisms like double-submit cookies or SameSite cookies. Web Application Firewalls (WAFs) configured to detect and block suspicious file uploads can also provide a layer of defense. Monitor web server logs for unusual file uploads or execution attempts.
目前没有已知的补丁。请深入审查漏洞的详细信息,并根据您组织的风险承受能力采取缓解措施。最好卸载受影响的软件并寻找替代方案。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2026-39619 is a critical Cross-Site Request Forgery (CSRF) vulnerability in Busiprof versions 0.0.0–2.5.2. It allows attackers to upload a web shell, potentially leading to remote code execution.
Yes, if you are running Busiprof versions 0.0.0 through 2.5.2, you are affected by this vulnerability. Immediately assess your systems and apply the necessary updates.
The recommended fix is to upgrade Busiprof to version 2.5.3 or later. If upgrading is not possible, implement temporary workarounds like input validation and CSRF protection.
While no widespread exploitation has been publicly reported, the high CVSS score indicates a high probability of exploitation. Proactive remediation is strongly advised.
Refer to the Busiprof official website or security advisory channels for the most up-to-date information and guidance regarding CVE-2026-39619.
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。