Vulnerability Information
Vulnerability Title
WordPress Plugin is-human <= v1.4.2 Eval Injection RCE
Vulnerability Description
The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval() on user-controlled input, which can lead to execution of attacker-supplied PHP and OS commands. This may result in arbitrary code execution as the webserver user, site compromise, or data exfiltration. The is-human plugin was made defunct in June 2008 and is no longer available for download. This vulnerability was exploited in the wild in March 2012.
CVSS Information
N/A
Vulnerability Type
Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)
Vulnerability Title
WordPress plugin is-human security vulnerability
Vulnerability Description
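WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers based on PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin is-human v1.4.2 and earlier contain a security vulnerability that stems from unsafe handling of the type parameter in the file /is-human/engine.php and may lead to arbitrary code execution.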
CVSS Information
N/A
Vulnerability Type
N/A
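A log check for the request pattern in the description above, as an added example that is not part of the original advisory or the plugin's code: it scans Combined Log Format access-log lines for requests to /is-human/engine.php that carry action=log-reset together with a type parameter. The log format, the function names, the install prefix and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Path suffix and parameter names are taken from the advisory text.
VULN_PATH_SUFFIX = "/is-human/engine.php"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return None, or a finding dict whose verdict is 'match' or 'path-only'."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if not unquote(parts.path).endswith(VULN_PATH_SUFFIX):
        return None
    # parse_qs percent-decodes, so action=log%2Dreset is recognised as well.
    qs = parse_qs(parts.query, keep_blank_values=True)
    hit = "log-reset" in qs.get("action", []) and "type" in qs
    return {
        "ip": m["ip"], "time": m["time"], "status": int(m["status"]),
        # 'path-only': parameters may sit in a request body the log never records.
        "verdict": "match" if hit else "path-only",
    }

def scan(lines):
    """Classify every line and keep only the findings."""
    return [r for r in map(classify, lines) if r]

# Constructed sample lines: documentation IPs, placeholder parameter values,
# and an assumed standard plugin directory as the install prefix.
P = "/wp-content/plugins/is-human/engine.php"
SAMPLE = [
    f'203.0.113.7 - - [12/Mar/2012:10:01:02 +0000] "GET {P}?action=log-reset&type=EXAMPLE HTTP/1.1" 200 512 "-" "-"',
    f'198.51.100.9 - - [12/Mar/2012:10:05:40 +0000] "GET {P}?type=EXAMPLE&action=log%2Dreset HTTP/1.1" 404 0 "-" "-"',
    f'198.51.100.9 - - [12/Mar/2012:10:06:11 +0000] "POST {P} HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.4 - - [12/Mar/2012:10:07:00 +0000] "GET /index.php?action=log-reset&type=EXAMPLE HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `match` answered with status 200 means the script was present and responded, so that host deserves review first; a 404 indicates the plugin file was not found at that path.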