Vulnerability Information
Vulnerability Title
Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection
Vulnerability Description
The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing functions, allowing unauthenticated users to modify the plugin's stored options. Furthermore, because unserialize() is used on the data, this could be further exploited, when combined with a PHP gadget chain, to achieve PHP Object Injection.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress plugin divi-booster security vulnerability
Vulnerability Description
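WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog websites on servers based on PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin divi-booster versions before 5.0.2 contain a security vulnerability that stems from missing authorization and cross-site request forgery checks, which may allow unauthenticated users to modify stored options and may further lead to PHP object injection.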
CVSS Information
N/A
Vulnerability Type
N/A