WordPress Plugin Like Button 1.6.0Éí·ÝÑéÖ¤ÅÔ·Îó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-10

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-13344£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º5.3


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


ÊÊÓÃÓÚWordPress CRUDLab WP Like Button²å¼þ1.6.0¼°Ö®Ç°°æ±¾¡£ ¡£¡£¡£


Îó²î¸ÅÊö


WordPressÊÇWordPress»ù½ð»áµÄÒ»Ì×ʹÓÃPHPÓïÑÔ¿ª·¢µÄ²©¿Íƽ̨¡£ ¡£¡£¡£¸Ãƽ̨֧³ÖÔÚPHPºÍMySQLµÄЧÀÍÆ÷ÉϼÜÉèСÎÒ˽¼Ò²©¿ÍÍøÕ¾¡£ ¡£¡£¡£CRUDLab WP Like Button pluginÊÇʹÓÃÔÚÆäÖеÄÒ»¸öÓÃÓÚÔÚÒ³ÃæÉÏÌí¼Ó°´Å¥µÄ²å¼þ¡£ ¡£¡£¡£


WordPress CRUDLab WP Like Button²å¼þ1.6.0¼°Ö®Ç°°æ±¾Öб£´æÉí·ÝÑéÖ¤ÅÔ·Îó²î¡£ ¡£¡£¡£¸ÃÎó²îÔ´ÓÚwp_like_button.phpÖеÄcontains()º¯Êýδ¼ì²éÄ¿½ñÇëÇóÊÇ·ñÓÉÊÚȨÓû§¾ÙÐУ¬£¬£¬£¬£¬Òò´ËÔÊÐíÈκÎδ¾­Éí·ÝÑéÖ¤µÄÓû§ÀֳɸüÐÂÉèÖᣠ¡£¡£¡£


Îó²îÑéÖ¤


Îó²îEXP£ºhttps://www.exploit-db.com/exploits/47078¡£ ¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÔÝδÐû²¼ÐÞ¸´²½·¥½â¾ö´ËÇå¾²ÎÊÌ⣬£¬£¬£¬£¬½¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§ÉÌÖ÷Ò³»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö²½·¥£º

https://wordpress.org/plugins/wp-like-button¡£ ¡£¡£¡£


²Î¿¼Á´½Ó


http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201907-313