WordPress 6.4.3 – PHP File Upload vulnerability
Hello,
I received an email with a site scan report (Scheduled Site Scan Report: Vulnerable Software) that shows an issue I unfortunately don't know how to deal with. See below.
Please help! Many thanks and kind regards, Roya
The scheduled site scan found 1 issue when scanning https://www.hundetraining-mit-roya.at.
Known vulnerabilities
WordPress core < 6.4.3 – Auth. (Admin+) PHP File Upload vulnerability
Manage Vulnerability | View in Patchstack
Manage Vulnerability leads to the following content:
WordPress Core was updated on 1 February 2024 at 18:29. Details
Auth. (Admin+) PHP File Upload vulnerability discovered by Vinicius Marangoni in WordPress core (versions < 6.4.3)
Type: WordPress
Vulnerable Versions: < 6.4.3
CVE: CVE-2018-14028
Classification: Arbitrary File Upload
Publicly Disclosed: January 31, 2024
Vulnerability Details: https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-4-3-auth-php-file-upload-vulnerability?_a_id=431
Another link in the email leads to the following report:
Site Scan | Critical Issue | Vulnerable Software | 2024-02-01 07:30:27 (2 days ago) | 81.19.159.38
Module: Site Scan
Type: Critical Issue
Description: Vulnerable Software
Timestamp: 2024-02-01 07:30:27
IP Address: 81.19.159.38
User: (empty)
URL: Scheduled WP-Cron task
Results:
Warning: Known vulnerabilities
Clean: Blocklist
Raw details:
id => 8577
module => site-scanner
type => critical-issue
code => vulnerable-software
timestamp => 2024-02-01 06:30:27
init_timestamp => 2024-02-01 06:30:03
remote_ip => 81.19.159.38
user_id => [empty string]
url => wp-cron
memory_current => 68494592
memory_peak => 69946216
data => Array
results => Array
url => https://www.hundetraining-mit-roya.at
version => 1.1
entries => Array
blacklist => Array
0 => Array
report_details => https://transparencyreport.google.com/safe-browsing/search?url=www.hundetraining-mit-roya.at
status => clean
vendor => Array
slug => google
label => Google Safe Browsing
vulnerabilities => Array
0 => Array
type => wordpress
issues => Array
0 => Array
title => WordPress core < 6.4.3 - Auth. (Admin+) PHP File Upload vulnerability
description => Auth. (Admin+) PHP File Upload vulnerability discovered by Vinicius Marangoni in WordPress core (versions < 6.4.3)
affected_in => < 6.4.3
fixed_in => 6.4.3
references => Array
0 => Array
slug => patchstack
label => PatchStack
refs => Array( 1 )
1 => Array
slug => cve
label => CVE
refs => Array( 1 )
type => Array
label => Arbitrary File Upload
slug => [empty string]
id => ps-16147
created_at => 2024-01-31T08:23:54+00:00
updated_at => 2024-01-31T08:23:54+00:00
published_at => 2024-01-31T08:07:54+00:00
score => [double] 6.6
score_group => [empty string]
score_vector => [empty string]
is_exploited => [boolean] false
patched_in_ranges => Array
0 => Array
fixed_in => 6.4.3
from_version => 6.4
to_version => 6.4.2
1 => Array
fixed_in => 6.3.3
from_version => 6.3
to_version => 6.3.2
2 => Array
fixed_in => 6.2.4
from_version => 6.2
to_version => 6.2.3
3 => Array
fixed_in => 6.1.5
from_version => 6.1
to_version => 6.1.4
4 => Array
fixed_in => 6.0.7
from_version => 6.0
to_version => 6.0.6
5 => Array
fixed_in => 5.9.9
from_version => 5.9
to_version => 5.9.8
6 => Array
fixed_in => 5.8.9
from_version => 5.8
to_version => 5.8.8
7 => Array
fixed_in => 5.7.11
from_version => 5.7
to_version => 5.7.10
8 => Array
fixed_in => 5.6.13
from_version => 5.6
to_version => 5.6.12
9 => Array
fixed_in => 5.5.14
from_version => 5.5
to_version => 5.5.13
10 => Array
fixed_in => 5.4.15
from_version => 5.4
to_version => 5.4.14
11 => Array
fixed_in => 5.3.17
from_version => 5.3
to_version => 5.3.16
12 => Array
fixed_in => 5.2.20
from_version => 5.2
to_version => 5.2.19
13 => Array
fixed_in => 5.1.18
from_version => 5.1
to_version => 5.1.17
14 => Array
fixed_in => 5.0.21
from_version => 5.0
to_version => 5.0.20
15 => Array
fixed_in => 4.9.25
from_version => 4.9
to_version => 4.9.24
16 => Array
fixed_in => 4.8.24
from_version => 4.8
to_version => 4.8.23
17 => Array
fixed_in => 4.7.28
from_version => 4.7
to_version => 4.7.27
18 => Array
fixed_in => 4.6.28
from_version => 4.6
to_version => 4.6.27
19 => Array
fixed_in => 4.5.31
from_version => 4.5
to_version => 4.5.30
20 => Array
fixed_in => 4.4.32
from_version => 4.4
to_version => 4.4.31
21 => Array
fixed_in => 4.3.33
from_version => 4.3
to_version => 4.3.32
22 => Array
fixed_in => 4.2.37
from_version => 4.2
to_version => 4.2.36
23 => Array
fixed_in => 4.1.40
from_version => 4.1
to_version => 4.1.39
24 => Array
fixed_in => 4.0.38
from_version => 4.0
to_version => 4.0.37
link => https://itsec-site-scanner.ithemes.com/vulnerability-[…]%253D
errors => Array()
cached => [boolean] false
Site Health report
Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535
### wp-core ###
version: 6.4.3
site_language: de_DE
user_language: de_DE
timezone: Europe/Vienna
permalink: /%postname%/
https_status: true
multisite: false
user_registration: 0
blog_public: 1
default_comment_status: undefined
environment_type: production
user_count: 1
dotorg_communication: true
### wp-paths-sizes ###
wordpress_path: /home/.sites/85/site5774994/web
wordpress_size: 62,21 MB (65228878 bytes)
uploads_path: /home/.sites/85/site5774994/web/wp-content/uploads
uploads_size: 5,57 MB (5836683 bytes)
themes_path: /home/.sites/85/site5774994/web/wp-content/themes
themes_size: 5,12 MB (5372401 bytes)
plugins_path: /home/.sites/85/site5774994/web/wp-content/plugins
plugins_size: 73,11 MB (76660910 bytes)
database_size: 40,92 MB (42909696 bytes)
total_size: 186,93 MB (196008568 bytes)
### wp-dropins (1) ###
advanced-cache.php: true
### wp-active-theme ###
name: GeneratePress (generatepress)
version: 3.3.1
author: Tom Usborne
author_website: https://tomusborne.com
parent_theme: none
theme_features: core-block-patterns, widgets-block-editor, automatic-feed-links, post-thumbnails, post-formats, woocommerce, title-tag, html5, customize-selective-refresh-widgets, align-wide, responsive-embeds, editor-color-palette, custom-logo, menus, editor-styles, editor-style, widgets
theme_path: /home/.sites/85/site5774994/web/wp-content/themes/generatepress
auto_update: Aktiviert
### wp-themes-inactive (2) ###
Twenty Twenty-Four: version: 1.0, author: Das WordPress-Team, Automatische Aktualisierungen deaktiviert
Twenty Twenty-Three: version: 1.3, author: Das WordPress-Team, Automatische Aktualisierungen aktiviert
### wp-plugins-active (9) ###
Code Snippets: version: 3.6.2, author: Code Snippets Pro, Automatische Aktualisierungen aktiviert
GenerateBlocks: version: 1.8.2, author: Tom Usborne, Automatische Aktualisierungen aktiviert
GP Premium: version: 2.4.0, author: Tom Usborne, Automatische Aktualisierungen aktiviert
Maintenance PRO: version: 5.24, author: LintedCode LLC, Automatische Aktualisierungen aktiviert
Rank Math SEO: version: 1.0.212, author: Rank Math, Automatische Aktualisierungen aktiviert
Solid Security Basic: version: 9.3.0, author: SolidWP, Automatische Aktualisierungen aktiviert
W3 Total Cache: version: 2.6.1, author: BoldGrid, Automatische Aktualisierungen aktiviert
WPvivid Backup Plugin: version: 0.9.95, author: WPvivid Team, Automatische Aktualisierungen aktiviert
Yoast Duplicate Post: version: 4.5, author: Enrico Battocchi & Team Yoast, Automatische Aktualisierungen aktiviert
### code-snippets (3) ###
snippet-5: name: Add image title to featured images, scope: global, modified: 2023-05-26 04:25:21
snippet-7: name: Show local fonts in WP block editor, scope: global, modified: 2023-06-03 11:59:40
snippet-8: name: Disable WordPress login hints after failed login attempts, scope: global, modified: 2023-06-08 11:42:10
### wp-media ###
image_editor: WP_Image_Editor_Imagick
imagick_module_version: 1692
imagemagick_version: ImageMagick 6.9.12-67 Q16 x86_64 17519 https://legacy.imagemagick.org
imagick_version: 3.7.0
file_uploads: 1
post_max_size: 128M
upload_max_filesize: 60M
max_effective_size: 60 MB
max_file_uploads: 20
imagick_limits:
imagick::RESOURCETYPE_AREA: 251 GB
imagick::RESOURCETYPE_DISK: 9.2233720368548E+18
imagick::RESOURCETYPE_FILE: 768
imagick::RESOURCETYPE_MAP: 251 GB
imagick::RESOURCETYPE_MEMORY: 125 GB
imagick::RESOURCETYPE_THREAD: 1
imagick::RESOURCETYPE_TIME: 9.2233720368548E+18
imagemagick_file_formats: 3FR, 3G2, 3GP, AAI, AI, APNG, ART, ARW, AVI, AVS, BGR, BGRA, BGRO, BIE, BMP, BMP2, BMP3, BRF, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CR3, CRW, CUR, CUT, DATA, DCM, DCR, DCX, DDS, DFONT, DNG, DOT, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, EPT, EPT2, EPT3, ERF, EXR, FAX, FILE, FITS, FRACTAL, FTP, FTS, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, GROUP4, GV, H, HALD, HDR, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, J2C, J2K, JBG, JBIG, JNG, JNX, JP2, JPC, JPE, JPEG, JPG, JPM, JPS, JPT, JSON, K25, KDC, LABEL, M2V, M4V, MAC, MAGICK, MAP, MASK, MAT, MATTE, MEF, MIFF, MKV, MNG, MONO, MOV, MP4, MPC, MPEG, MPG, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, POCKETMOD, PPM, PREVIEW, PS, PS2, PS3, PSB, PSD, PTIF, PWP, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, SCR, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, STEGANO, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TIFF, TIFF64, TILE, TIM, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIDEO, VIFF, VIPS, VST, WBMP, WEBM, WEBP, WMF, WMV, WMZ, WPG, X, X3F, XBM, XC, XCF, XPM, XPS, XV, XWD, YCbCr, YCbCrA, YUV
gd_version: bundled (2.1.0 compatible)
gd_formats: GIF, JPEG, PNG, WebP, BMP
ghostscript_version: 9.27
### wp-server ###
server_architecture: Linux 4.18.0-372.26.1.lve.1.el8.x86_64 x86_64
httpd_software: Apache
php_version: 8.2.14 64bit
php_sapi: fpm-fcgi
max_input_variables: 3000
time_limit: 180
memory_limit: 256M
max_input_time: 180
upload_max_filesize: 60M
php_post_max_size: 128M
curl_version: 7.61.1 OpenSSL/1.1.1k
suhosin: false
imagick_availability: true
pretty_permalinks: true
htaccess_extra_rules: true
current: 2024-02-03T13:48:43+00:00
utc-time: Saturday, 03-Feb-24 13:48:43 UTC
server-time: 2024-02-03T14:48:41+01:00
### wp-database ###
extension: mysqli
server_version: 5.7.44-log
client_version: mysqlnd 8.2.14
max_allowed_packet: 16777216
max_connections: 505
### wp-constants ###
WP_HOME: https://www.hundetraining-mit-roya.at
WP_SITEURL: https://www.hundetraining-mit-roya.at
WP_CONTENT_DIR: /home/.sites/85/site5774994/web/wp-content
WP_PLUGIN_DIR: /home/.sites/85/site5774994/web/wp-content/plugins
WP_MEMORY_LIMIT: 256M
WP_MAX_MEMORY_LIMIT: 256M
WP_DEBUG: false
WP_DEBUG_DISPLAY: true
WP_DEBUG_LOG: false
SCRIPT_DEBUG: false
WP_CACHE: true
CONCATENATE_SCRIPTS: undefined
COMPRESS_SCRIPTS: undefined
COMPRESS_CSS: undefined
WP_ENVIRONMENT_TYPE: Nicht definiert
WP_DEVELOPMENT_MODE: undefined
DB_CHARSET: utf8mb4
DB_COLLATE: undefined
### wp-filesystem ###
wordpress: writable
wp-content: writable
uploads: writable
plugins: writable
themes: writable
### solid-security ###
pro: free
initial_build: 4126
activated: 2023-05-06 02:43:08
patchstack: false
modules:
0: ban-users
1: brute-force
2: security-check-pro
3: ssl
4: malware-scheduling
5: firewall
settings:
ban-users: Array
brute-force: Array
firewall: Array
global: Array
system-tweaks: Array
wordpress-tweaks: Array
hide-backend: Array
user_groups:
0: Array
1: Array
2: Array
3: Array
4: Array
The topic "WordPress 6.4.3 – PHP File Upload vulnerability" is closed for new replies.
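As an added example (not code from the forum post, and not Solid Security's or Patchstack's own code), the following Python script re-implements the version-range matching that a vulnerability scanner performs, using the patched_in_ranges entries copied from the raw report above and the version listed under wp-core in the Site Health export (6.4.3). It also compares the report's init_timestamp (UTC) with the time given in the "WordPress Core was updated" notice; the assumption that this notice is in the site's timezone (Europe/Vienna, UTC+1 in February) is mine, as are the function names.

```python
"""Re-check a scanner finding against the installed WordPress version.

Added example, not from the forum post, Solid Security or Patchstack. The
affected ranges are copied from the patched_in_ranges block of the raw report;
the installed version is the one the Site Health export lists under wp-core.
"""
from datetime import datetime, timedelta, timezone

# (from_version, to_version, fixed_in) per branch, copied from patched_in_ranges.
PATCHED_IN_RANGES = [
    ("6.4", "6.4.2", "6.4.3"), ("6.3", "6.3.2", "6.3.3"), ("6.2", "6.2.3", "6.2.4"),
    ("6.1", "6.1.4", "6.1.5"), ("6.0", "6.0.6", "6.0.7"), ("5.9", "5.9.8", "5.9.9"),
    ("5.8", "5.8.8", "5.8.9"), ("5.7", "5.7.10", "5.7.11"), ("5.6", "5.6.12", "5.6.13"),
    ("5.5", "5.5.13", "5.5.14"), ("5.4", "5.4.14", "5.4.15"), ("5.3", "5.3.16", "5.3.17"),
    ("5.2", "5.2.19", "5.2.20"), ("5.1", "5.1.17", "5.1.18"), ("5.0", "5.0.20", "5.0.21"),
    ("4.9", "4.9.24", "4.9.25"), ("4.8", "4.8.23", "4.8.24"), ("4.7", "4.7.27", "4.7.28"),
    ("4.6", "4.6.27", "4.6.28"), ("4.5", "4.5.30", "4.5.31"), ("4.4", "4.4.31", "4.4.32"),
    ("4.3", "4.3.32", "4.3.33"), ("4.2", "4.2.36", "4.2.37"), ("4.1", "4.1.39", "4.1.40"),
    ("4.0", "4.0.37", "4.0.38"),
]
AFFECTED_BELOW = "6.4.3"   # report: affected_in => < 6.4.3, fixed_in => 6.4.3


def parse_version(v):
    """Turn '6.4' / '6.4.2' / '6.4.3-RC1' into a comparable (major, minor, patch) tuple.

    WordPress names the first release of a branch '6.4', not '6.4.0', so the tuple
    is padded to three components; a pre-release suffix after '-' is dropped."""
    core = v.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def branch_for(installed, ranges=PATCHED_IN_RANGES):
    """Return the (from, to, fixed_in) entry whose major.minor matches, or None."""
    major_minor = parse_version(installed)[:2]
    for lo, hi, fixed in ranges:
        if parse_version(lo)[:2] == major_minor:
            return (lo, hi, fixed)
    return None


def assess(installed):
    """Decide whether `installed` is affected and which release fixes it.

    Returns {"affected": bool, "fixed_in": str | None}. A listed branch is fixed
    at or above its security backport; a version on no listed branch is affected
    only if it is below 6.4.3, and then the current release is the target."""
    iv = parse_version(installed)
    branch = branch_for(installed)
    if branch is not None:
        fixed = branch[2]
        if iv >= parse_version(fixed):
            return {"affected": False, "fixed_in": None}
        return {"affected": True, "fixed_in": fixed}
    if iv >= parse_version(AFFECTED_BELOW):
        return {"affected": False, "fixed_in": None}
    return {"affected": True, "fixed_in": AFFECTED_BELOW}


def scan_predates_update(scan_utc, update_local, utc_offset_hours=1):
    """True if the scan started before the core update completed.

    init_timestamp in the raw report is UTC. The update notice ('1 February 2024
    at 18:29') is assumed (my assumption) to be in the site's timezone,
    Europe/Vienna, which is UTC+1 in February."""
    scan = datetime.fromisoformat(scan_utc).replace(tzinfo=timezone.utc)
    local = timezone(timedelta(hours=utc_offset_hours))
    update = datetime.fromisoformat(update_local).replace(tzinfo=local)
    return scan < update


if __name__ == "__main__":
    print(assess("6.4.3"))   # version from the Site Health export above
    print(assess("6.4.2"))   # last release before the fix on the 6.4 branch
    print(scan_predates_update("2024-02-01 06:30:03", "2024-02-01 18:29"))
```

Running this with the values from the page shows that 6.4.3 matches no affected range and that the scan's init_timestamp lies before the update time in the notice, which is the check to make before treating a scheduled scan result as current: the next scheduled run (or a manual re-scan) is what confirms the finding is resolved.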