Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. Connections Business Directory is an easy-to-use directory plugin for creating an address book, business directory, member directory, staff directory or church directory.
The vulnerability exists in the includes/admin/pages/manage.php source file and could allow remote attackers to inject arbitrary web script or HTML via the s variable.
Affected Versions:
Connections Business Directory plugin before 8.5.9 for WordPress
Vulnerability impact
Successful exploitation could allow an attacker to execute arbitrary HTML and script code in a user's browser session under the context of the site. This may allow the attacker to access sensitive browser-based information such as authentication cookies and recently submitted data.
Solution
Customers are advised to upgrade their WordPress plugin to Connections Business Directory 8.5.9 or later versions to remediate this vulnerability.
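A check for the affected range stated above, as an added example that is not part of the advisory or the plugin: it reads the `Version:` field of a WordPress plugin header and compares it numerically with 8.5.9. The sample header and all function names are constructed for illustration.

```python
import re

FIXED_VERSION = "8.5.9"  # first fixed release, per the advisory

# WordPress plugin headers carry a "Version:" field in the main file's comment block.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def header_version(plugin_source):
    """Return the Version header value from plugin source text, or None."""
    match = _VERSION_RE.search(plugin_source)
    return match.group(1) if match else None


def version_key(version):
    """Turn '8.5.10' into (8, 5, 10) so comparison is numeric, not lexical."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def is_affected(version):
    """True when version is before the fixed release (unknown counts as affected)."""
    if version is None:
        return True
    a, b = version_key(version), version_key(FIXED_VERSION)
    width = max(len(a), len(b))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(a) < pad(b)


# Constructed sample header, not copied from the plugin.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Connections Business Directory
 * Version: 8.5.8
 */
"""

if __name__ == "__main__":
    found = header_version(SAMPLE_HEADER)
    print(found, "affected" if is_affected(found) else "not affected")
```

A plain string comparison would rank 8.5.10 below 8.5.9, which is why the components are compared as integers.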
Patch:
Following are links for downloading patches to fix the vulnerabilities: