'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:wordpress_plugin_idraw_arbitrary_file_upload_vul(Rule ID:1070210477)

Release Date2025/9/15

Rule NameCVE-2025-39436:WordPress Plugin I Draw Arbitrary File Upload Vulnerability

Severity:mid

CVE IDCVE-2025-39436

 

Descripiton

Both WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. This platform supports the setup of personal blog websites on servers running PHP and MySQL. A WordPress plugin is an application plugin. There is a code vulnerability in WordPress plugin I Draw version 1.0 and earlier. This vulnerability stems from allowing the upload of dangerous file types, which may lead to the use of malicious files. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.