oceanwp ocean_extra 可信数据的反序列化

admin

0
文章

0
评论

2023-11-30 05:22:56 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

oceanwp ocean_extra 可信数据的反序列化

CVE编号

CVE-2022-3374

利用情况

暂无

补丁情况

N/A

披露时间

2022-11-01

漏洞描述

The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://wpscan.com/vulnerability/22fd3f28-9036-4bd5-ad98-ff78bd1b51bc

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	oceanwp	ocean_extra	*		Up to (excluding) 2.0.5
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	kernel	*		Up to (excluding) 4.19.91-27.2.al7
	运行在以下环境
	系统	amazon_2	kernel	*		Up to (excluding) 5.10.130-118.517.amzn2
	运行在以下环境
	系统	amazon_2022	kernel	*		Up to (excluding) 5.15.73-45.135.amzn2022
	运行在以下环境
	系统	amazon_2023	kernel	*		Up to (excluding) 6.1.10-15.42.amzn2023
	运行在以下环境
	系统	amazon_AMI	kernel	*		Up to (excluding) 4.14.287-148.504.amzn1
	运行在以下环境
	系统	anolis_os_7	kernel	*		Up to (excluding) 4.19
	运行在以下环境
	系统	anolis_os_8	kernel	*		Up to (excluding) 4.19
	运行在以下环境
	系统	fedora_35	xen-libs	*		Up to (excluding) 4.15.3-6.fc35
	运行在以下环境
	系统	fedora_36	xen-devel	*		Up to (excluding) 4.16.2-2.fc36
	运行在以下环境
	系统	fedora_37	xen-libs	*		Up to (excluding) 4.16.2-2.fc37
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	kernel	*		Up to (excluding) 4.19.90-25.18.v2101.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	kernel	*		Up to (excluding) 4.19.90-25.18.v2101.ky10
	运行在以下环境
	系统	opensuse_5.2	xen-libs	*		Up to (excluding) 5.3.18-150300.59.90.1.150300.18.52.1
	运行在以下环境
	系统	opensuse_Leap_15.3	xen	*		Up to (excluding) 5.3.18-150300.59.90.1
	运行在以下环境
	系统	opensuse_Leap_15.4	dtb-al	*		Up to (excluding) 5.14.21-150400.24.11.1
	运行在以下环境
	系统	oracle_9	kernel	*		Up to (excluding) 5.14.0-284.11.1.el9_2
	运行在以下环境
	系统	redhat_9	kernel	*		Up to (excluding) 5.14.0-284.11.1.el9_2
	运行在以下环境
	系统	suse_12_SP5	xen	*		Up to (excluding) 4.12.14-122.127.1