README.md
Rendering markdown...
services:
db-vuln:
image: mariadb:11.4.5
environment:
MARIADB_ROOT_PASSWORD: rootpass
MARIADB_DATABASE: wordpress
MARIADB_USER: wp
MARIADB_PASSWORD: wppass
healthcheck:
test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -uroot -prootpass --silent"]
interval: 5s
timeout: 5s
retries: 20
volumes:
- db_vuln:/var/lib/mysql
networks:
- lab
vuln:
build:
context: ./vuln
environment:
WORDPRESS_DB_HOST: db-vuln:3306
WORDPRESS_DB_NAME: wordpress
WORDPRESS_DB_USER: wp
WORDPRESS_DB_PASSWORD: wppass
WORDPRESS_CONFIG_EXTRA: |
define('WP_HOME', 'http://localhost:8081');
define('WP_SITEURL', 'http://localhost:8081');
define('FORCE_SSL_ADMIN', false);
depends_on:
db-vuln:
condition: service_healthy
ports:
- "8081:80"
volumes:
- wp_vuln:/var/www/html
networks:
- lab
seed-vuln:
image: wordpress:cli-php8.2
user: "0:0"
depends_on:
db-vuln:
condition: service_healthy
vuln:
condition: service_started
environment:
WORDPRESS_DB_HOST: db-vuln:3306
WORDPRESS_DB_NAME: wordpress
WORDPRESS_DB_USER: wp
WORDPRESS_DB_PASSWORD: wppass
WP_PATH: /var/www/html
PUBLIC_URL: http://localhost:8081
WP_TITLE: CVE-2026-27541 Vulnerable Lab
WC_VERSION: 10.6.0
WWP_VERSION: 2.2.6
ADMIN_USER: admin
ADMIN_PASSWORD: AdminPass!234
ADMIN_EMAIL: [email protected]
SHOPMGR_USER: shopmgr
SHOPMGR_PASSWORD: ShopMgrPass!234
SHOPMGR_EMAIL: [email protected]
LAB_VARIANT: vuln
entrypoint: ["/bin/sh", "/opt/lab/scripts/seed-wp.sh"]
volumes:
- wp_vuln:/var/www/html
- ./scripts:/opt/lab/scripts:ro
networks:
- lab
db-patched:
image: mariadb:11.4.5
environment:
MARIADB_ROOT_PASSWORD: rootpass
MARIADB_DATABASE: wordpress
MARIADB_USER: wp
MARIADB_PASSWORD: wppass
healthcheck:
test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -uroot -prootpass --silent"]
interval: 5s
timeout: 5s
retries: 20
volumes:
- db_patched:/var/lib/mysql
networks:
- lab
patched:
build:
context: ./patched
environment:
WORDPRESS_DB_HOST: db-patched:3306
WORDPRESS_DB_NAME: wordpress
WORDPRESS_DB_USER: wp
WORDPRESS_DB_PASSWORD: wppass
WORDPRESS_CONFIG_EXTRA: |
define('WP_HOME', 'http://localhost:8082');
define('WP_SITEURL', 'http://localhost:8082');
define('FORCE_SSL_ADMIN', false);
depends_on:
db-patched:
condition: service_healthy
ports:
- "8082:80"
volumes:
- wp_patched:/var/www/html
networks:
- lab
seed-patched:
image: wordpress:cli-php8.2
user: "0:0"
depends_on:
db-patched:
condition: service_healthy
patched:
condition: service_started
environment:
WORDPRESS_DB_HOST: db-patched:3306
WORDPRESS_DB_NAME: wordpress
WORDPRESS_DB_USER: wp
WORDPRESS_DB_PASSWORD: wppass
WP_PATH: /var/www/html
PUBLIC_URL: http://localhost:8082
WP_TITLE: CVE-2026-27541 Patched Lab
WC_VERSION: 10.6.0
WWP_VERSION: 2.2.7
ADMIN_USER: admin
ADMIN_PASSWORD: AdminPass!234
ADMIN_EMAIL: [email protected]
SHOPMGR_USER: shopmgr
SHOPMGR_PASSWORD: ShopMgrPass!234
SHOPMGR_EMAIL: [email protected]
LAB_VARIANT: patched
entrypoint: ["/bin/sh", "/opt/lab/scripts/seed-wp.sh"]
volumes:
- wp_patched:/var/www/html
- ./scripts:/opt/lab/scripts:ro
networks:
- lab
volumes:
db_vuln:
wp_vuln:
db_patched:
wp_patched:
networks:
lab:
name: cve-2026-27541_lab