WordPress Arbitrary File Deletion Vulnerability Repair


Recently, RIPS disclosed that WordPress versions up to 4.9.6 still contain an arbitrary file deletion vulnerability. WordPress sites that grant users author or similar permissions are exposed to it. An attacker can delete arbitrary files by crafting the 'thumb' path of an attachment. In serious cases, this leads to the attacker obtaining the site administrator's permissions and controlling the server.

Repair method (post.php is the repaired file):
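One way to block a crafted 'thumb' value, as an added example rather than the post.php change from the original post: reduce 'thumb' to its file-name component whenever attachment metadata is saved. The function names, the path model and the sample data are hypothetical; `wp_update_attachment_metadata` is the WordPress filter applied when attachment metadata is written.

```php
<?php
// Added example. Helper names are hypothetical; only the 'thumb' key comes
// from the post.

// Collapse '.' and '..' segments without touching the filesystem.
function example_normalize_path( string $path ): string {
    $out = array();
    foreach ( explode( '/', $path ) as $seg ) {
        if ( $seg === '' || $seg === '.' ) { continue; }
        if ( $seg === '..' ) { array_pop( $out ); continue; }
        $out[] = $seg;
    }
    return '/' . implode( '/', $out );
}

// Simplified model (not WordPress core code) of joining an attachment's
// directory with its stored thumb name. Nothing is validated, so '../'
// segments in the stored value are honoured.
function example_thumb_path( string $attachment_file, string $thumb ): string {
    return example_normalize_path( dirname( $attachment_file ) . '/' . $thumb );
}

// Hardening: keep only the file-name component of 'thumb', so the value can
// never point outside the attachment's own directory.
function example_sanitize_thumb_meta( $data ) {
    if ( is_array( $data ) && isset( $data['thumb'] ) ) {
        $data['thumb'] = basename( (string) $data['thumb'] );
    }
    return $data;
}

// Inside WordPress: run the sanitizer every time attachment metadata is saved.
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'wp_update_attachment_metadata', 'example_sanitize_thumb_meta' );
}

// Outside WordPress (PHP CLI): compare the resolved path before and after
// sanitizing, using constructed sample data.
if ( PHP_SAPI === 'cli' && ! function_exists( 'add_filter' ) ) {
    $file = '/var/www/html/wp-content/uploads/2018/07/photo.jpg';
    $meta = array( 'thumb' => '../../../../wp-config.php' );

    echo 'unsanitized: ', example_thumb_path( $file, $meta['thumb'] ), PHP_EOL;
    $meta = example_sanitize_thumb_meta( $meta );
    echo 'sanitized:   ', example_thumb_path( $file, $meta['thumb'] ), PHP_EOL;
}
```

The filter only covers metadata written after it is installed; 'thumb' values already stored for existing attachments should be reviewed separately.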


Reference documents: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/?spm=5176.2020520154.sas.162.215f79d6cb4YoT

  • By Byrd, published on July 31, 2018
  • Original link: https://note.t4x.org/other/wordpress-file-delete-to-code-execution/