name: cve-2026-47100 services: db-vuln: image: mariadb:11.4 environment: MARIADB_DATABASE: wordpress MARIADB_USER: wordpress MARIADB_PASSWORD: wordpress MARIADB_ROOT_PASSWORD: rootpass volumes: - db_vuln:/var/lib/mysql networks: [lab] healthcheck: test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"] interval: 10s timeout: 5s retries: 10 db-patched: image: mariadb:11.4 environment: MARIADB_DATABASE: wordpress MARIADB_USER: wordpress MARIADB_PASSWORD: wordpress MARIADB_ROOT_PASSWORD: rootpass volumes: - db_patched:/var/lib/mysql networks: [lab] healthcheck: test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"] interval: 10s timeout: 5s retries: 10 vuln: build: context: . dockerfile: vuln/Dockerfile depends_on: db-vuln: condition: service_healthy environment: WORDPRESS_DB_HOST: db-vuln:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress WORDPRESS_DB_NAME: wordpress LAB_VARIANT: vuln FUNNEL_BUILDER_VERSION: 3.15.0.2 WORDPRESS_URL: http://localhost:8081 WORDPRESS_TITLE: CVE-2026-47100 Vulnerable WORDPRESS_ADMIN_USER: admin WORDPRESS_ADMIN_PASSWORD: adminpass WORDPRESS_ADMIN_EMAIL: admin@example.test ports: - "127.0.0.1:8081:80" volumes: - wp_vuln:/var/www/html - ./scripts:/lab/scripts:ro networks: [lab] healthcheck: test: ["CMD-SHELL", "curl -fsS http://localhost/wp-login.php >/dev/null || exit 1"] interval: 10s timeout: 5s retries: 20 patched: build: context: . dockerfile: patched/Dockerfile depends_on: db-patched: condition: service_healthy environment: WORDPRESS_DB_HOST: db-patched:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress WORDPRESS_DB_NAME: wordpress LAB_VARIANT: patched FUNNEL_BUILDER_VERSION: 3.15.0.3 WORDPRESS_URL: http://localhost:8082 WORDPRESS_TITLE: CVE-2026-47100 Patched WORDPRESS_ADMIN_USER: admin WORDPRESS_ADMIN_PASSWORD: adminpass WORDPRESS_ADMIN_EMAIL: admin@example.test ports: - "127.0.0.1:8082:80" volumes: - wp_patched:/var/www/html - ./scripts:/lab/scripts:ro networks: [lab] healthcheck: test: ["CMD-SHELL", "curl -fsS http://localhost/wp-login.php >/dev/null || exit 1"] interval: 10s timeout: 5s retries: 20 init-vuln: build: context: . dockerfile: vuln/Dockerfile depends_on: vuln: condition: service_healthy user: "33:33" environment: WORDPRESS_DB_HOST: db-vuln:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress WORDPRESS_DB_NAME: wordpress LAB_VARIANT: vuln FUNNEL_BUILDER_VERSION: 3.15.0.2 WORDPRESS_URL: http://localhost:8081 WORDPRESS_TITLE: CVE-2026-47100 Vulnerable WORDPRESS_ADMIN_USER: admin WORDPRESS_ADMIN_PASSWORD: adminpass WORDPRESS_ADMIN_EMAIL: admin@example.test volumes: - wp_vuln:/var/www/html - ./scripts:/lab/scripts:ro networks: [lab] entrypoint: ["bash", "/lab/scripts/init-wordpress.sh"] restart: "no" init-patched: build: context: . dockerfile: patched/Dockerfile depends_on: patched: condition: service_healthy user: "33:33" environment: WORDPRESS_DB_HOST: db-patched:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress WORDPRESS_DB_NAME: wordpress LAB_VARIANT: patched FUNNEL_BUILDER_VERSION: 3.15.0.3 WORDPRESS_URL: http://localhost:8082 WORDPRESS_TITLE: CVE-2026-47100 Patched WORDPRESS_ADMIN_USER: admin WORDPRESS_ADMIN_PASSWORD: adminpass WORDPRESS_ADMIN_EMAIL: admin@example.test volumes: - wp_patched:/var/www/html - ./scripts:/lab/scripts:ro networks: [lab] entrypoint: ["bash", "/lab/scripts/init-wordpress.sh"] restart: "no" networks: lab: driver: bridge volumes: db_vuln: db_patched: wp_vuln: wp_patched: