instawp string_locator 跨站请求伪造(csrf)

CVE编号

CVE-2022-2434

利用情况

暂无

补丁情况

N/A

披露时间

2022-09-07
漏洞描述
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://plugins.trac.wordpress.org/browser/string-locator/trunk/editor.php#L59
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&...
https://www.wordfence.com/threat-intel/vulnerabilities/id/10a36e37-4188-403f-...
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2434
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 instawp string_locator * Up to
(including)
2.5.0
运行在以下环境
系统 fedora_34 zabbix * Up to
(excluding)
5.0.21-1.fc34
运行在以下环境
系统 fedora_35 zabbix * Up to
(excluding)
5.0.21-1.fc35
运行在以下环境
系统 fedora_36 zabbix * Up to
(excluding)
5.0.21-1.fc36
运行在以下环境
系统 fedora_EPEL_7 zabbix50 * Up to
(excluding)
5.0.21-1.el7
运行在以下环境
系统 fedora_EPEL_8 zabbix40 * Up to
(excluding)
4.0.39-1.el8
运行在以下环境
系统 fedora_Epel_8_Modular zabbix * Up to
(excluding)
5.0-820220312165755.9edba152
CVSS3评分
8.8
  • 攻击路径
    网络
  • 攻击复杂度
  • 权限要求
  • 影响范围
    未更改
  • 用户交互
    需要
  • 可用性
  • 保密性
  • 完整性
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-ID 漏洞类型
CWE-352 跨站请求伪造(CSRF)
CWE-502 可信数据的反序列化
阿里云安全产品覆盖情况