关键信息 漏洞类型: Local File Inclusion 受影响版本: WordPress Davenport - Versatile Blog and Magazine WordPress Theme Plugin <= 1.3 风险等级: High priority 官方修复: No official fix available 报告日期: 20 June 2023 报告人: Tran Nguyen Bao Khoanh (VCI - VNPT Cyber Immunity) 发布时间: 27 June 2023 风险描述 This vulnerability is highly dangerous and expected to become mass exploited. It could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could potentially allow complete database takeover depending on the configuration. 解决方案 We advise to mitigate or resolve the vulnerability immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available, can be tested and safely applied.