WordPress Plugin Like Button 1.6.0Éí·ÝÑéÖ¤ÅÔ·Îó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-10

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-13344£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º5.3


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


ÊÊÓÃÓÚWordPress CRUDLab WP Like Button²å¼þ1.6.0¼°Ö®Ç°°æ±¾¡£¡£¡£¡£¡£


Îó²î¸ÅÊö


WordPressÊÇWordPress»ù½ð»áµÄÒ»Ì×ʹÓÃPHPÓïÑÔ¿ª·¢µÄ²©¿Íƽ̨¡£¡£¡£¡£¡£¸Ãƽ̨֧³ÖÔÚPHPºÍMySQLµÄЧÀÍÆ÷ÉϼÜÉèСÎÒ˽¼Ò²©¿ÍÍøÕ¾¡£¡£¡£¡£¡£CRUDLab WP Like Button pluginÊÇʹÓÃÔÚÆäÖеÄÒ»¸öÓÃÓÚÔÚÒ³ÃæÉÏÌí¼Ó°´Å¥µÄ²å¼þ¡£¡£¡£¡£¡£


WordPress CRUDLab WP Like Button²å¼þ1.6.0¼°Ö®Ç°°æ±¾Öб£´æÉí·ÝÑéÖ¤ÅÔ·Îó²î¡£¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚwp_like_button.phpÖеÄcontains()º¯Êýδ¼ì²éÄ¿½ñÇëÇóÊÇ·ñÓÉÊÚȨÓû§¾ÙÐУ¬£¬£¬£¬£¬Òò´ËÔÊÐíÈκÎδ¾­Éí·ÝÑéÖ¤µÄÓû§ÀֳɸüÐÂÉèÖᣡ£¡£¡£¡£


Îó²îÑéÖ¤


Îó²îEXP£ºhttps://www.exploit-db.com/exploits/47078¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÔÝδÐû²¼ÐÞ¸´²½·¥½â¾ö´ËÇå¾²ÎÊÌ⣬£¬£¬£¬£¬½¨ÒéʹÓôËÈí¼þµÄÓû§ËæÊ±¹Ø×¢³§ÉÌÖ÷Ò³»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö²½·¥£º

https://wordpress.org/plugins/wp-like-button¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201907-313