WordPress Plugin Like Button 1.6.0Éí·ÝÑéÖ¤ÅÔ·Îó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-10

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-13344£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º5.3


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


ÊÊÓÃÓÚWordPress CRUDLab WP Like Button²å¼þ1.6.0¼°Ö®Ç°°æ±¾¡£¡£ ¡£¡£¡£


Îó²î¸ÅÊö


WordPressÊÇWordPress»ù½ð»áµÄÒ»Ì×ʹÓÃPHPÓïÑÔ¿ª·¢µÄ²©¿Íƽ̨¡£¡£ ¡£¡£¡£¸Ãƽ̨֧³ÖÔÚPHPºÍMySQLµÄЧÀÍÆ÷ÉϼÜÉèСÎÒ˽¼Ò²©¿ÍÍøÕ¾¡£¡£ ¡£¡£¡£CRUDLab WP Like Button pluginÊÇʹÓÃÔÚÆäÖеÄÒ»¸öÓÃÓÚÔÚÒ³ÃæÉÏÌí¼Ó°´Å¥µÄ²å¼þ¡£¡£ ¡£¡£¡£


WordPress CRUDLab WP Like Button²å¼þ1.6.0¼°Ö®Ç°°æ±¾Öб£´æÉí·ÝÑéÖ¤ÅÔ·Îó²î¡£¡£ ¡£¡£¡£¸ÃÎó²îÔ´ÓÚwp_like_button.phpÖеÄcontains()º¯Êýδ¼ì²éÄ¿½ñÇëÇóÊÇ·ñÓÉÊÚȨÓû§¾ÙÐУ¬£¬£¬£¬£¬£¬Òò´ËÔÊÐíÈκÎδ¾­Éí·ÝÑéÖ¤µÄÓû§ÀֳɸüÐÂÉèÖᣡ£ ¡£¡£¡£


Îó²îÑéÖ¤


Îó²îEXP£ºhttps://www.exploit-db.com/exploits/47078¡£¡£ ¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÔÝδÐû²¼ÐÞ¸´²½·¥½â¾ö´ËÇå¾²ÎÊÌ⣬£¬£¬£¬£¬£¬½¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§ÉÌÖ÷Ò³»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö²½·¥£º

https://wordpress.org/plugins/wp-like-button¡£¡£ ¡£¡£¡£


²Î¿¼Á´½Ó


http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201907-313