CVEs-PoC/2021/CVE-2021-39327.md

### [CVE-2021-39327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39327)
![](https://img.shields.io/static/v1?label=Product&message=BulletProof%20Security&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.1%3C%3D%205.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen)

### Description

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.

### POC

#### Reference
- http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html
- https://www.exploit-db.com/exploits/50382

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Hacker5preme/Exploits
- https://github.com/Henry4E36/POCS
- https://github.com/StarCrossPortal/scalpel
- https://github.com/anonymous364872/Rapier_Tool
- https://github.com/apif-review/APIF_tool_2024
- https://github.com/youcans896768/APIV_Tool