WordPress Plugin Like Button 1.6.0 Authentication Bypass Vulnerability Security Advisory

Published: 2019-07-10

Vulnerability ID and severity


CVE ID: CVE-2019-13344; severity: Medium; CVSS score: 5.3


Affected versions


Versions affected


Applies to the CRUDLab WP Like Button plugin for WordPress, version 1.6.0 and earlier.


Vulnerability overview


WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on servers running PHP and MySQL. The CRUDLab WP Like Button plugin is one of its plugins, used to add buttons to pages.


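An authentication bypass vulnerability exists in the CRUDLab WP Like Button plugin for WordPress, version 1.6.0 and earlier. The vulnerability arises because the contains() function in wp_like_button.php does not check whether the current request is made by an authorized user, which allows any unauthenticated user to successfully update the settings.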
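A static check for this class of flaw, as an added example that is not code from the plugin or from this advisory: it flags PHP functions that write WordPress options without calling current_user_can(). The sample PHP and its demo_ function and option names are constructed for illustration, and the brace matching is a heuristic that ignores braces inside strings and comments.

```python
import re

# WordPress calls that change stored settings, and the calls that gate them.
WRITE_CALLS = re.compile(r"\b(?:update_option|add_option|delete_option)\s*\(")
CAP_CHECK = re.compile(r"\bcurrent_user_can\s*\(")
NONCE_CHECK = re.compile(r"\b(?:check_admin_referer|check_ajax_referer|wp_verify_nonce)\s*\(")
FUNC_HEAD = re.compile(r"\bfunction\s+&?\s*(\w+)\s*\([^)]*\)\s*\{")


def function_bodies(php_source):
    """Yield (name, body) for each named function, using naive brace matching."""
    for m in FUNC_HEAD.finditer(php_source):
        depth, i = 1, m.end()
        while i < len(php_source) and depth:
            depth += {"{": 1, "}": -1}.get(php_source[i], 0)
            i += 1
        yield m.group(1), php_source[m.end():i - 1]


def audit(php_source):
    """Return findings for functions that write options without a capability check."""
    findings = []
    for name, body in function_bodies(php_source):
        if WRITE_CALLS.search(body) and not CAP_CHECK.search(body):
            findings.append({"function": name, "nonce_checked": bool(NONCE_CHECK.search(body))})
    return findings


# Constructed sample, not the plugin's code: one unguarded and one guarded settings handler.
SAMPLE_PHP = r"""
function demo_save_settings_unguarded() {
    if (isset($_POST['demo_color'])) {
        update_option('demo_color', sanitize_text_field($_POST['demo_color']));
    }
}
function demo_save_settings_guarded() {
    if (!current_user_can('manage_options')) { wp_die('Forbidden'); }
    check_admin_referer('demo_save_settings');
    if (isset($_POST['demo_color'])) {
        update_option('demo_color', sanitize_text_field($_POST['demo_color']));
    }
}
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_PHP):
        print(f"{f['function']}: writes options without current_user_can()")
```

A finding is a lead for manual review, since the capability check may live in a caller or in the hook registration rather than in the function itself.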


Vulnerability verification


Exploit (EXP): https://www.exploit-db.com/exploits/47078


Remediation advice


The vendor has not yet released a fix for this security issue. Users of this software are advised to keep watching the vendor's home page or the reference URL for a solution:

https://wordpress.org/plugins/wp-like-button


Reference links


http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201907-313