Unpatched critical vulnerability in the vBulletin forum web engine (updated)
Information has been disclosed about an unpatched (0-day) critical vulnerability (CVE-2019-16759) in the proprietary vBulletin web forum engine that allows code to be executed on the server by sending a specially crafted POST request. A working exploit is available for the issue. vBulletin is used by many open projects, including the forums of Ubuntu, openSUSE, the BSD systems and Slackware.
The vulnerability is located in the "ajax/render/widget_php" handler, which lets shell code be passed through the "widgetConfig[code]" parameter (the code to run is simply passed in; nothing needs to be escaped). The attack requires no authentication on the forum. The issue has been confirmed in all current releases of the vBulletin 5.x branch (under development since 2012), including the latest release 5.5.4. An update with a fix has not yet been prepared.
Addendum 1: Patches have been released for versions 5.5.2, 5.5.3 and 5.5.4. Owners of older 5.x releases are advised to first update their systems to the latest supported version to eliminate the vulnerability, but as a workaround the "eval($code)" call in the code of the evalCode function in the file /vb5/frontend/controller/bbcode.php can be commented out.
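For administrators who cannot patch immediately, an added example (not part of the original article or of vBulletin) of checking web server access logs for requests that reach the affected "ajax/render/widget_php" handler; the log lines are constructed for the example, and since access logs normally do not record POST bodies, only a "widgetConfig[code]" parameter that appears in the URL itself can be spotted.

```python
import re

# Constructed sample access-log lines in combined format (assumption:
# the forum lives under /forum/); none of them come from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Sep/2019:10:01:02 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Sep/2019:10:01:05 +0000] "POST /forum/ajax/render/widget_php HTTP/1.1" 200 812 "-" "curl/7.64.0"
203.0.113.7 - - [24/Sep/2019:10:02:11 +0000] "GET /forum/ajax/render/widget_php?widgetConfig[code]=x HTTP/1.1" 200 700 "-" "Mozilla/5.0"
203.0.113.4 - - [24/Sep/2019:10:03:00 +0000] "POST /forum/ajax/render/widget_member HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Parses the fields of a combined-format access-log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

HANDLER = "ajax/render/widget_php"


def suspicious_requests(log_text: str) -> list:
    """Return every request that hits the vulnerable widget_php handler.

    The POST body (where the exploit carries widgetConfig[code]) is not in
    the access log, so every hit on the handler is reported; a request that
    carries the parameter in the query string is additionally marked.
    """
    hits = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path")
        if HANDLER not in path.lower():
            continue
        hits.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "method": m.group("method"),
            "path": path,
            "status": m.group("status"),
            "param_in_url": "widgetconfig[code]" in path.lower(),
        })
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Legitimate forum pages can also call the handler, so treat the output as a list of requests to review rather than a verdict, and pair it with the patch or the eval workaround above.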