Title:WordPress GraceMedia Media Player插件命令注入漏洞 (CVE-2019-9618) Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。GraceMedia Media Player Plugin是使用在其中的一个媒体播放器插件。 WordPress GraceMedia Media Player插件1.0版本中存在本地文件包含漏洞,该漏洞源于程序没有验证‘cfg’参数。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
Description
WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg parameter.
File Snapshot
id: CVE-2019-9618
info:
name: WordPress GraceMedia Media Player 1.0 - Local File Inclusion
auth
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.