WordPress Plugin Like Button 1.6.0 Authentication Bypass Vulnerability Security Advisory
Published: 2019-07-10
Vulnerability ID and Severity
CVE ID: CVE-2019-13344; Severity: Medium; CVSS score: 5.3
Affected Versions
CRUDLab WP Like Button plugin for WordPress, version 1.6.0 and earlier.
Vulnerability Overview
WordPress is a blogging platform developed in PHP by the WordPress Foundation. It lets users set up personal blog sites on servers running PHP and MySQL. CRUDLab WP Like Button is a WordPress plugin that adds a button to pages.
The CRUDLab WP Like Button plugin for WordPress, version 1.6.0 and earlier, contains an authentication bypass vulnerability. The contains() function in wp_like_button.php does not check whether the current request was made by an authorized user, so any unauthenticated user can successfully update the plugin's settings.
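As an added illustration (not part of the original advisory and not the plugin's code), the following audit script flags PHP functions that write WordPress options without a capability check or a nonce check, which is the class of flaw described above. The PHP sample and its demo_* names are constructed for the example, and the script assumes settings are stored through the WordPress options API.

```python
import re

# Constructed PHP sample (not the plugin's real source): one settings handler
# without any authorization check, one with capability and nonce checks.
SAMPLE_PHP = r'''<?php
function demo_save_settings_unchecked() {
    if (isset($_POST['demo_settings'])) {
        update_option('demo_settings', $_POST['demo_settings']);
    }
}
function demo_save_settings_checked() {
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden');
    }
    check_admin_referer('demo_save_settings');
    update_option('demo_settings', sanitize_text_field(wp_unslash($_POST['demo_settings'])));
}
'''

# Assumption: settings are persisted through the WordPress options API.
WRITES = re.compile(r'\b(?:update|add|delete)_option\s*\(')
CAPABILITY = re.compile(r'\bcurrent_user_can\s*\(')
NONCE = re.compile(r'\b(?:check_admin_referer|check_ajax_referer|wp_verify_nonce)\s*\(')
FUNC = re.compile(r'\bfunction\s+&?\s*(\w+)\s*\([^)]*\)\s*\{')

def function_bodies(php):
    """Yield (name, body) for each named function, matching braces naively."""
    for m in FUNC.finditer(php):
        depth, i = 1, m.end()
        while i < len(php) and depth:
            depth += {'{': 1, '}': -1}.get(php[i], 0)
            i += 1
        yield m.group(1), php[m.end():i - 1]

def audit(php):
    """Return (function, missing checks) for option writes lacking a check."""
    findings = []
    for name, body in function_bodies(php):
        if not WRITES.search(body):
            continue
        missing = [label for label, rx in (('capability', CAPABILITY), ('nonce', NONCE))
                   if not rx.search(body)]
        if missing:
            findings.append((name, missing))
    return findings

if __name__ == '__main__':
    for name, missing in audit(SAMPLE_PHP):
        print(f'{name}: option write without {" or ".join(missing)} check')
```

This is a heuristic for manual review: a check performed in a caller, or braces inside PHP strings and comments, will produce false results.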
Vulnerability Verification
Exploit: https://www.exploit-db.com/exploits/47078
Remediation
https://wordpress.org/plugins/wp-like-button
References