WordPress Plugin Like Button 1.6.0 Authentication Bypass Vulnerability Security Advisory

Published: 2019-07-10

Vulnerability ID and severity


CVE ID: CVE-2019-13344; severity: medium; CVSS score: 5.3


Affected versions


CRUDLab WP Like Button plugin for WordPress, version 1.6.0 and earlier.


Vulnerability overview


WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports hosting personal blog sites on servers running PHP and MySQL. CRUDLab WP Like Button is a WordPress plugin that adds a button to pages.


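An authentication bypass vulnerability exists in the CRUDLab WP Like Button plugin for WordPress, version 1.6.0 and earlier. The vulnerability stems from the contains() function in wp_like_button.php, which does not check whether the current request is made by an authorized user, and therefore allows any unauthenticated user to successfully update the settings.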
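
The missing check described above, shown as an added PHP example that is not the plugin's code and is not taken from the advisory: a settings handler with no caller check next to a hardened one. The example_* function names, the option key, the nonce names, the setting keys and the admin_init hook are assumptions made for illustration.

```php
<?php
// Added illustration only; NOT code from the WP Like Button plugin.
// All example_* names and the option key are hypothetical.

// Flawed pattern: the handler trusts any request that carries the form field.
// Hooks such as admin_init also fire for requests from visitors who are not
// logged in (for example through admin-ajax.php), so nothing here stops them.
function example_save_settings_unchecked() {
    if ( isset( $_POST['example_like_settings'] ) ) {
        update_option( 'example_like_settings', $_POST['example_like_settings'] );
    }
}

// Hardened pattern: authorize the caller, verify intent, then sanitize.
function example_save_settings_checked() {
    if ( ! isset( $_POST['example_like_settings'] ) ) {
        return; // not a settings submission
    }
    // 1. Authorization: only users allowed to manage site options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }
    // 2. Request origin: nonce issued by the settings form (blocks CSRF).
    check_admin_referer( 'example_like_save', 'example_like_nonce' );

    // 3. Input handling: accept only known keys and sanitize each value.
    $raw   = (array) wp_unslash( $_POST['example_like_settings'] );
    $clean = array();
    foreach ( array( 'layout', 'position' ) as $key ) { // hypothetical keys
        if ( isset( $raw[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( $raw[ $key ] );
        }
    }
    update_option( 'example_like_settings', $clean );
}
// Only the checked handler is registered.
add_action( 'admin_init', 'example_save_settings_checked' );
```

When reviewing a plugin for this class of flaw, every code path that reaches update_option() should pass through both a capability check and a nonce check first.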


Vulnerability verification


Exploit (EXP): https://www.exploit-db.com/exploits/47078


Remediation advice


The vendor has not yet released a fix for this security issue. Users of this software are advised to monitor the vendor's home page or the reference URL for a solution:

https://wordpress.org/plugins/wp-like-button


Reference links


http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201907-313