Vulnerability Information
Vulnerability Title
Bold Page Builder < 3.1.6 - PHP Object Injection
Vulnerability Description
The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow the issue to be exploited and lead to RCE in some cases.
CVSS Information
N/A
Vulnerability Type
Deserialization of Untrusted Data
Vulnerability Title
WordPress Plugin Code Issue Vulnerability
Vulnerability Description
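A WordPress plugin is an application plugin for the open-source WordPress platform. The WordPress plugin Bold Page Builder before version 3.1.6 contains a code issue vulnerability. It stems from the plugin's bt_bb_get_grid AJAX action passing user input into the unserialize() function without any validation or escaping, which may lead to PHP object injection and, in some cases, remote code injection.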
CVSS Information
N/A
Vulnerability Type
N/A
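Added Example
The following PHP is an added illustration of the pattern both descriptions name, request data reaching unserialize(), next to a hardened parser; it is not the plugin's code. The function names, the DemoGadget class and the sample inputs are constructed for this example, and the assumption that the handler expects a list of numeric IDs is hypothetical.

```php
<?php
// Added example: hypothetical handler logic, not taken from Bold Page Builder.

// Constructed stand-in for a "gadget": a class, possibly from another plugin,
// whose magic method acts on attacker-controlled properties.
class DemoGadget {
    public $path = '';
    public function __destruct() {
        echo "DemoGadget::__destruct ran with path={$this->path}\n";
    }
}

// The pattern from the description: input goes straight into unserialize(),
// so any loaded class named in the payload is instantiated.
function parse_ids_unsafe(string $raw) {
    return unserialize($raw);
}

// Hardened form: forbid object instantiation, then validate the shape.
function parse_ids_safe(string $raw): array {
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return [];
    }
    $ids = [];
    foreach ($data as $v) {
        // Serialized objects arrive as __PHP_Incomplete_Class and are dropped.
        if (is_int($v) || (is_string($v) && ctype_digit($v))) {
            $ids[] = (int) $v;
        }
    }
    return $ids;
}

// Constructed inputs: a plain ID list, and a list carrying a serialized object.
$benign  = serialize([12, '34']);
$hostile = 'a:1:{i:0;O:10:"DemoGadget":1:{s:4:"path";s:8:"/tmp/x.y";}}';

var_dump(parse_ids_safe($benign));
var_dump(parse_ids_safe($hostile));

// The unsafe parser builds the object; its destructor runs when it is freed.
$obj = parse_ids_unsafe($hostile);
unset($obj);
```

Where the client-side format can be changed, exchanging the data as JSON and parsing it with json_decode() avoids object instantiation altogether.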