{"id":3862,"date":"2019-02-21T02:16:34","date_gmt":"2019-02-21T02:16:34","guid":{"rendered":"https:\/\/www.camcert.gov.kh\/?p=3862"},"modified":"2019-02-21T03:34:15","modified_gmt":"2019-02-21T03:34:15","slug":"wordpress-remote-code-execution","status":"publish","type":"post","link":"https:\/\/www.camcert.gov.kh\/en\/wordpress-remote-code-execution\/","title":{"rendered":"CamSA19-08: \u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u1792\u17d2\u1784\u1793\u17cb\u1792\u17d2\u1784\u179a\u1794\u17c6\u1795\u17bb\u178f\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 WordPress"},"content":{"rendered":"<p><\/p>\n<p style=\"text-align: justify;\"><strong>\u17e1. \u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u1791\u17bc\u1791\u17c5<\/strong><\/p>\n<p style=\"text-align: justify;\">\u17a2\u17d2\u1793\u1780\u179f\u17d2\u179a\u17b6\u179c\u1787\u17d2\u179a\u17b6\u179c\u179f\u1793\u17d2\u178f\u17b7\u179f\u17bb\u1781\u1794\u1785\u17d2\u1785\u17c1\u1780\u179c\u17b7\u1791\u17d2\u1799\u17b6\u1782\u1798\u1793\u17b6\u1782\u1798\u1793\u17cd \u1793\u17b7\u1784\u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u1798\u1780\u1796\u17b8 RIPS Technologies GmbH \u1794\u17b6\u1793\u179a\u1780\u1783\u17be\u1789\u1793\u17bc\u179c\u1785\u17c6\u1793\u17bb\u1785 \u1781\u17d2\u179f\u17c4\u1799\u1792\u17d2\u1784\u1793\u17cb\u1792\u17d2\u1784\u179a\u1794\u17c6\u1795\u17bb\u178f\u1798\u17bd\u1799\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1794\u17d2\u179a\u1796\u17d0\u1793\u17d2\u1792\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u179c\u17c1\u1794\u179f\u17b6\u1799\u17a5\u178f\u1782\u17b7\u178f\u1790\u17d2\u179b\u17c3 \u1793\u17b7\u1784\u1794\u17d2\u179a\u1797\u1796\u1780\u17bc\u178a\u1785\u17c6\u17a0\u179a (open-source) \u178a\u17c2\u179b\u1799\u17be\u1784\u179f\u17d2\u1782\u17b6\u179b\u17cb\u1790\u17b6 WordPress \u17d4<\/p>\n<p style=\"text-align: justify;\">\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a 
\u17ac\u1780\u17cf\u17a2\u17d2\u1793\u1780\u1793\u17b7\u1796\u1793\u17d2\u1792\u178a\u17c2\u179b\u1798\u17b6\u1793\u179f\u17b7\u1791\u17d2\u1792\u17b7\u1787\u17b6 &#8220;author&#8221; \u17ac\u1780\u17cf\u1782\u178e\u1793\u17b8\u178a\u17c2\u179b\u1798\u17b6\u1793\u179f\u17b7\u1791\u17d2\u1792\u17b7\u1781\u17d2\u1796\u179f\u17cb\u1787\u17b6\u1784\u1793\u17c1\u17c7 \u17a2\u17b6\u1785\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179c\u17b6\u1799\u179b\u17bb\u1780\u200b\u1785\u17bc\u179b\u200b\u1791\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1794\u17d2\u179a\u1796\u17d0\u1793\u17d2\u1792\u200b WordPress \u178a\u17c4\u1799\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u1796\u17b8\u179a\u1794\u1789\u17d2\u1785\u17bc\u179b\u1782\u17d2\u1793\u17b6\u1782\u17ba Path Traversal \u1793\u17b7\u1784 Local File Inclusion \u178a\u17c2\u179b\u17a2\u17b6\u1785\u1788\u17b6\u1793\u1791\u17c5\u178a\u179b\u17cb\u1780\u17b6\u179a\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1780\u17bc\u178a\u1796\u17b8\u1785\u1798\u17d2\u1784\u17b6\u1799 (Remote Code Execution) \u1794\u17b6\u1793\u17d4<\/p>\n<p style=\"text-align: justify;\"><strong>\u17e2. 
\u1780\u17c6\u178e\u17c2 \u17ac\u1787\u17c6\u1793\u17b6\u1793\u17cb\u178a\u17c2\u179b\u179a\u1784\u1782\u17d2\u179a\u17c4\u17c7<\/strong><\/p>\n<p style=\"text-align: justify;\"><strong>\u17a2\u17d2\u1793\u1780\u178a\u17c2\u179b\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb WordPress \u1780\u17c6\u178e\u17c2\u1791\u17b8 5.0.2 \u17ac\u1780\u17d2\u179a\u17c4\u1798\u1793\u17c1\u17c7<\/strong><\/p>\n<p style=\"text-align: justify;\">\u1780\u17c6\u178e\u178f\u17cb\u179f\u17c6\u1782\u17b6\u179b\u17cb\u17c8 \u1780\u17b6\u179a\u1787\u17bd\u179f\u1787\u17bb\u179b\u1780\u17c6\u17a0\u17bb\u179f\u1786\u17d2\u1782\u1784\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1780\u17c6\u178e\u17c2 WordPress 4.9.9 \u1793\u17b7\u1784 5.0.1 \u1782\u17ba\u1794\u17b6\u1793\u1794\u1784\u17d2\u1780\u17b6\u1798\u17b7\u1793\u17b2\u17d2\u1799\u1798\u17b6\u1793\u1780\u17b6\u179a\u179c\u17b6\u1799\u179b\u17bb\u1780\u200b\u1791\u17c5\u179b\u17be\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u1791\u17b6\u17c6\u1784\u1796\u17b8\u179a\u1793\u17c1\u17c7\u17d4\u200b \u1780\u17cf\u1794\u17c9\u17bb\u1793\u17d2\u178f\u17c2 \u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799 Path Traversal \u1793\u17c5\u178f\u17c2\u17a2\u17b6\u1785\u179c\u17b6\u1799\u179b\u17bb\u1780\u1794\u17b6\u1793\u178a\u178a\u17c2\u179b\u1794\u17be\u179f\u17b7\u1793\u1787\u17b6\u1798\u17b6\u1793\u200b plugins \u178a\u1791\u17c3\u1791\u17c0\u178f\u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u178f\u1798\u17d2\u179b\u17be\u1784 \u17a0\u17be\u1799\u1798\u17b6\u1793\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u1798\u17b7\u1793\u1794\u17b6\u1793\u178f\u17d2\u179a\u17b9\u1798\u178f\u17d2\u179a\u17bc\u179c\u1791\u17c5\u179b\u17be Post Meta\u17d4<\/p>\n<p style=\"text-align: justify;\"><strong>\u17e3. 
\u1795\u179b\u1794\u17c9\u17c8\u1796\u17b6\u179b\u17cb<\/strong><\/p>\n<p style=\"text-align: justify;\">\u1780\u17b6\u179a\u179c\u17b6\u1799\u179b\u17bb\u1780\u178a\u17c4\u1799\u1787\u17c4\u1782\u1787\u17d0\u1799 \u1793\u17b9\u1784\u17a2\u1793\u17bb\u1789\u17d2\u1789\u17b6\u178f\u17b2\u17d2\u1799\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1780\u17bc\u178a\u1796\u17b8\u1785\u1798\u17d2\u1784\u17b6\u1799 \u178a\u17be\u1798\u17d2\u1794\u17b8\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u1791\u17b6\u17c6\u1784\u179f\u17d2\u179a\u17bb\u1784\u200b\u1791\u17c5\u179b\u17be\u179c\u17c1\u1794\u179f\u17b6\u1799\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u178a\u17c4\u1799 WordPress\u17d4<\/p>\n<p style=\"text-align: justify;\"><strong>\u17e4. \u178a\u17c6\u178e\u17c4\u17c7\u179f\u17d2\u179a\u17b6\u1799<\/strong><\/p>\n<p style=\"text-align: justify;\">\u17a2\u1797\u17b7\u1794\u17b6\u179b\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u179c\u17c1\u1794\u179f\u17b6\u1799\u178f\u17d2\u179a\u17bc\u179c\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f\u1791\u17c5\u1780\u17b6\u1793\u17cb\u1780\u17c6\u178e\u17c2\u1785\u17bb\u1784\u1780\u17d2\u179a\u17c4\u1799 Version 5.0.3 \u1787\u17b6\u1794\u1793\u17d2\u1791\u17b6\u1793\u17cb \u17a0\u17be\u1799\u178f\u17b6\u1798\u178a\u17b6\u1793\u1794\u1793\u17d2\u178f\u178a\u17be\u1798\u17d2\u1794\u17b8\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f \u1791\u17c5\u179b\u17be\u1780\u17c6\u178e\u17c2\u1790\u17d2\u1798\u17b8 WordPress \u178a\u17c2\u179b\u1793\u17b9\u1784\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1787\u17bd\u179f\u1787\u17bb\u179b\u1791\u17c5\u179b\u17be\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u1791\u17b6\u17c6\u1784\u1793\u17c1\u17c7\u17d4<\/p>\n<p 
style=\"text-align: justify;\"><strong>\u17e5. \u179c\u17c1\u1794\u179f\u17b6\u1799\u1796\u17b6\u1780\u17cb\u1796\u17d0\u1793\u17d2\u1792<\/strong><\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/blog.ripstech.com\/2019\/wordpress-image-remote-code-execution\/\" target=\"_blank\" rel=\"noopener\">https:\/\/blog.ripstech.com\/2019\/wordpress-image-remote-code-execution\/<\/a><\/p>\n<p><\/p>"},"excerpt":{"rendered":"<p>\u17e1. \u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u1791\u17bc\u1791\u17c5 \u17a2\u17d2\u1793\u1780\u179f\u17d2\u179a\u17b6\u179c\u1787\u17d2\u179a\u17b6\u179c\u179f\u1793\u17d2\u178f\u17b7\u179f\u17bb\u1781\u1794\u1785\u17d2\u1785\u17c1\u1780\u179c\u17b7\u1791\u17d2\u1799\u17b6\u1782\u1798\u1793\u17b6\u1782\u1798\u1793\u17cd \u1793\u17b7\u1784\u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u1798\u1780\u1796\u17b8 RIPS Technologies GmbH \u1794\u17b6\u1793\u179a\u1780\u1783\u17be\u1789\u1793\u17bc\u179c\u1785\u17c6\u1793\u17bb\u1785 \u1781\u17d2\u179f\u17c4\u1799\u1792\u17d2\u1784\u1793\u17cb\u1792\u17d2\u1784\u179a\u1794\u17c6\u1795\u17bb\u178f\u1798\u17bd\u1799\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1794\u17d2\u179a\u1796\u17d0\u1793\u17d2\u1792\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u179c\u17c1\u1794\u179f\u17b6\u1799\u17a5\u178f\u1782\u17b7\u178f\u1790\u17d2\u179b\u17c3 \u1793\u17b7\u1784\u1794\u17d2\u179a\u1797\u1796\u1780\u17bc\u178a\u1785\u17c6\u17a0\u179a (open-source) \u178a\u17c2\u179b\u1799\u17be\u1784\u179f\u17d2\u1782\u17b6\u179b\u17cb\u1790\u17b6 WordPress \u17d4 \u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a \u17ac\u1780\u17cf\u17a2\u17d2\u1793\u1780\u1793\u17b7\u1796\u1793\u17d2\u1792\u178a\u17c2\u179b\u1798\u17b6\u1793\u179f\u17b7\u1791\u17d2\u1792\u17b7\u1787\u17b6 &#8220;author&#8221; \u17ac\u1780\u17cf\u1782\u178e\u1793\u17b8\u178a\u17c2\u179b\u1798\u17b6\u1793\u179f\u17b7\u1791\u17d2\u1792\u17b7\u1781\u17d2\u1796\u179f\u17cb\u1787\u17b6\u1784\u1793\u17c1\u17c7 
\u17a2\u17b6\u1785\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179c\u17b6\u1799\u179b\u17bb\u1780\u200b\u1785\u17bc\u179b\u200b\u1791\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1794\u17d2\u179a\u1796\u17d0\u1793\u17d2\u1792\u200b WordPress \u178a\u17c4\u1799\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u1796\u17b8\u179a\u1794\u1789\u17d2\u1785\u17bc\u179b\u1782\u17d2\u1793\u17b6\u1782\u17ba Path Traversal \u1793\u17b7\u1784 Local File Inclusion \u178a\u17c2\u179b\u17a2\u17b6\u1785\u1788\u17b6\u1793\u1791\u17c5\u178a\u179b\u17cb\u1780\u17b6\u179a\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1780\u17bc\u178a\u1796\u17b8\u1785\u1798\u17d2\u1784\u17b6\u1799 (Remote Code Execution) \u1794\u17b6\u1793\u17d4 \u17e2. \u1780\u17c6\u178e\u17c2 \u17ac\u1787\u17c6\u1793\u17b6\u1793\u17cb\u178a\u17c2\u179b\u179a\u1784\u1782\u17d2\u179a\u17c4\u17c7 \u17a2\u17d2\u1793\u1780\u178a\u17c2\u179b\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb WordPress \u1780\u17c6\u178e\u17c2\u1791\u17b8 5.0.2 \u17ac\u1780\u17d2\u179a\u17c4\u1798\u1793\u17c1\u17c7 \u1780\u17c6\u178e\u178f\u17cb\u179f\u17c6\u1782\u17b6\u179b\u17cb\u17c8 \u1780\u17b6\u179a\u1787\u17bd\u179f\u1787\u17bb\u179b\u1780\u17c6\u17a0\u17bb\u179f\u1786\u17d2\u1782\u1784\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1780\u17c6\u178e\u17c2 WordPress 4.9.9 \u1793\u17b7\u1784 5.0.1 \u1782\u17ba\u1794\u17b6\u1793\u1794\u1784\u17d2\u1780\u17b6\u1798\u17b7\u1793\u17b2\u17d2\u1799\u1798\u17b6\u1793\u1780\u17b6\u179a\u179c\u17b6\u1799\u179b\u17bb\u1780\u200b\u1791\u17c5\u179b\u17be\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u1791\u17b6\u17c6\u1784\u1796\u17b8\u179a\u1793\u17c1\u17c7\u17d4\u200b \u1780\u17cf\u1794\u17c9\u17bb\u1793\u17d2\u178f\u17c2 \u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799 Path Traversal 
\u1793\u17c5\u178f\u17c2\u17a2\u17b6\u1785\u179c\u17b6\u1799\u179b\u17bb\u1780\u1794\u17b6\u1793\u178a\u178a\u17c2\u179b\u1794\u17be\u179f\u17b7\u1793\u1787\u17b6\u1798\u17b6\u1793\u200b plugins \u178a\u1791\u17c3\u1791\u17c0\u178f\u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u178f\u1798\u17d2\u179b\u17be\u1784 \u17a0\u17be\u1799\u1798\u17b6\u1793\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u1798\u17b7\u1793\u1794\u17b6\u1793\u178f\u17d2\u179a\u17b9\u1798\u178f\u17d2\u179a\u17bc\u179c\u1791\u17c5\u179b\u17be [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3863,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[274,9],"tags":[104,154],"class_list":["post-3862","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-274","category-security-alert","tag-vulnerability","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/3862","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/comments?post=3862"}],"version-history":[{"count":7,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/3862\/revisions"}],"predecessor-version":[{"id":3870,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/3862\/revisions\/3870"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/media\/3863"}],"wp:attachment":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/media?parent=3862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-jso
n\/wp\/v2\/categories?post=3862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/tags?post=3862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}