漏洞类别:CGI
漏洞等级: 
漏洞信息
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. SecureMoz Security Audit WordPress Security Plugin performs a security audit to detect PHP and WordPress vulnerabilities and solve them.
The tweet_info() function in the implemeted class__functions.php source file fails to use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream.
Affected Versions:
SecureMoz Security Audit plugin for WordPress 1.0.5 and prior
漏洞危害
Successful exploitation allows remote attackers to carry out which allows man-in-the-middle attacks, which can be further leveraged to conduct PHP object injection attacks and execute arbitrary PHP code.
解决方案
Customers are advised to install WordPress plugin SecureMoz Security Audit 1.0.6 or later versions to fix this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论