{"id":3879,"date":"2019-03-15T14:34:21","date_gmt":"2019-03-15T07:34:21","guid":{"rendered":"https:\/\/www.camcert.gov.kh\/?p=3879"},"modified":"2019-04-10T10:29:23","modified_gmt":"2019-04-10T03:29:23","slug":"camsa19-10-wordpress-remote-code-execution-v5-1","status":"publish","type":"post","link":"https:\/\/www.camcert.gov.kh\/en\/camsa19-10-wordpress-remote-code-execution-v5-1\/","title":{"rendered":"CamSA19-11: \u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u1792\u17d2\u1784\u1793\u17cb\u1792\u17d2\u1784\u179a\u1794\u17c6\u1795\u17bb\u178f \u1793\u17b7\u1784\u1780\u17b6\u179a\u1785\u17c1\u1789\u1795\u17d2\u179f\u17b6\u1799\u1780\u17b6\u179a\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f WordPress \u1791\u17c5\u1780\u17c6\u178e\u17c2 \u17e5.\u200c\u17e1.\u17e1"},"content":{"rendered":"

\u17e1. \u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u1791\u17bc\u1791\u17c5<\/strong><\/p>\n

\u17a2\u17d2\u1793\u1780\u179f\u17d2\u179a\u17b6\u179c\u1787\u17d2\u179a\u17b6\u179c\u179f\u1793\u17d2\u178f\u17b7\u179f\u17bb\u1781\u1794\u1785\u17d2\u1785\u17c1\u1780\u179c\u17b7\u1791\u17d2\u1799\u17b6\u1782\u1798\u1793\u17b6\u1782\u1798\u1793\u17cd \u1793\u17b7\u1784\u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u1798\u1780\u1796\u17b8 RIPS Technologies GmbH \u1794\u17b6\u1793\u179a\u1780\u1783\u17be\u1789\u1793\u17bc\u179c\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u200b\u1792\u17d2\u1784\u1793\u17cb\u1792\u17d2\u1784\u179a\u1794\u17c6\u1795\u17bb\u178f\u1798\u17bd\u1799\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1794\u17d2\u179a\u1796\u17d0\u1793\u17d2\u1792\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u179c\u17c1\u1794\u179f\u17b6\u1799\u17a5\u178f\u1782\u17b7\u178f\u1790\u17d2\u179b\u17c3 \u1793\u17b7\u1784\u1794\u17d2\u179a\u1797\u1796\u1780\u17bc\u178a\u1785\u17c6\u17a0\u179a (open-source) \u178a\u17c2\u179b\u1799\u17be\u1784\u179f\u17d2\u1782\u17b6\u179b\u17cb\u1790\u17b6 WordPress \u17d4<\/p>\n

\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a \u17ac\u1780\u17cf\u17a2\u17d2\u1793\u1780\u1793\u17b7\u1796\u1793\u17d2\u1792\u178a\u17c2\u179b\u1798\u17b6\u1793\u179f\u17b7\u1791\u17d2\u1792\u17b7\u1787\u17b6 \u201cauthor\u201d \u17ac\u1780\u17cf\u1782\u178e\u1793\u17b8\u178a\u17c2\u179b\u1798\u17b6\u1793\u179f\u17b7\u1791\u17d2\u1792\u17b7\u1781\u17d2\u1796\u179f\u17cb\u1787\u17b6\u1784\u1793\u17c1\u17c7 \u17a2\u17b6\u1785\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179c\u17b6\u1799\u179b\u17bb\u1780\u200b\u1785\u17bc\u179b\u200b\u1791\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1794\u17d2\u179a\u1796\u17d0\u1793\u17d2\u1792\u200b WordPress \u178f\u17b6\u1798\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u179b\u17be\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799 Cross-Site Request Forgery<\/strong> (CSRF<\/b>)<\/span> \u178a\u17c4\u1799\u200b\u1782\u17d2\u179a\u17b6\u1793\u17cb\u178f\u17c2\u200b\u1794\u1789\u17d2\u1787\u17c4\u178f\u17a2\u1797\u17b7\u1794\u17b6\u179b\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u179c\u17c1\u1794\u179f\u17b6\u1799 WordPress \u17b1\u17d2\u1799\u1794\u17be\u1780\u179c\u17c1\u1794\u179f\u17b6\u1799\u178a\u17c2\u179b\u1794\u17b6\u1793\u1794\u1784\u17d2\u1780\u1794\u17cb\u1780\u17bc\u178a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1793\u17b9\u1784\u17a2\u17b6\u1785\u1788\u17b6\u1793\u200b\u1791\u17c5\u178a\u179b\u17cb\u200b\u1780\u17b6\u179a\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1780\u17bc\u178a\u1796\u17b8\u1785\u17c6\u1784\u17b6\u1799 (Remote Code Execution) \u1794\u17b6\u1793\u17d4<\/p>\n

\u17e2. \u1780\u17c6\u178e\u17c2 \u17ac\u1787\u17c6\u1793\u17b6\u1793\u17cb\u178a\u17c2\u179b\u179a\u1784\u1782\u17d2\u179a\u17c4\u17c7<\/strong><\/p>\n

\u17a2\u17d2\u1793\u1780\u178a\u17c2\u179b\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb WordPress<\/strong> \u1780\u17c6\u178e\u17c2\u1791\u17b8 5.1<\/strong> \u17ac\u1780\u17d2\u179a\u17c4\u1798\u1793\u17c1\u17c7<\/p>\n

\u17e3. \u1795\u179b\u1794\u17c9\u17c8\u1796\u17b6\u179b\u17cb<\/strong><\/p>\n

\u1780\u17b6\u179a\u179c\u17b6\u1799\u179b\u17bb\u1780\u178a\u17c4\u1799\u1787\u17c4\u1782\u1787\u17d0\u1799 \u1793\u17b9\u1784\u17a2\u1793\u17bb\u1789\u17d2\u1789\u17b6\u178f\u17b2\u17d2\u1799\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1780\u17bc\u178a\u1796\u17b8\u1785\u1798\u17d2\u1784\u17b6\u1799 \u178a\u17be\u1798\u17d2\u1794\u17b8\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u1791\u17b6\u17c6\u1784\u179f\u17d2\u179a\u17bb\u1784\u200b\u1791\u17c5\u200b\u179b\u17be\u179c\u17c1\u1794\u179f\u17b6\u1799\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u178a\u17c4\u1799 WordPress\u17d4<\/p>\n

\u17e4. \u178a\u17c6\u178e\u17c4\u17c7\u179f\u17d2\u179a\u17b6\u1799<\/strong><\/p>\n

\u17a2\u1797\u17b7\u1794\u17b6\u179b\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u179c\u17c1\u1794\u179f\u17b6\u1799\u178f\u17d2\u179a\u17bc\u179c\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f\u1791\u17c5\u1780\u17b6\u1793\u17cb\u1780\u17c6\u178e\u17c2\u1785\u17bb\u1784\u1780\u17d2\u179a\u17c4\u1799 Version 5.1.1<\/strong> \u1787\u17b6\u1794\u1793\u17d2\u1791\u17b6\u1793\u17cb \u17a0\u17be\u1799\u178f\u17b6\u1798\u178a\u17b6\u1793\u1794\u1793\u17d2\u178f\u200b\u178a\u17be\u1798\u17d2\u1794\u17b8\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f \u1791\u17c5\u179b\u17be\u1780\u17c6\u178e\u17c2\u1790\u17d2\u1798\u17b8 WordPress \u178a\u17c2\u179b\u1793\u17b9\u1784\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1787\u17bd\u179f\u1787\u17bb\u179b\u1791\u17c5\u179b\u17be\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u1791\u17b6\u17c6\u1784\u1793\u17c1\u17c7\u17d4<\/p>\n

\u17e5. \u179c\u17c1\u1794\u179f\u17b6\u1799\u1796\u17b6\u1780\u17cb\u1796\u17d0\u1793\u17d2\u1792
\n<\/strong><\/p>\n