• Hello,

    I received an email with a site scan report (Scheduled Site Scan Report: Vulnerable Software)
    that shows an error I unfortunately don't know how to deal with. See below.

    Please help! Many thanks and best regards, Roya


    The scheduled site scan found 1 issue while scanning https://www.hundetraining-mit-roya.at.

    Known Vulnerabilities

    WordPress core < 6.4.3 – Auth. (Admin+) PHP File Upload vulnerability

    Manage Vulnerability | View in Patchstack

    Manage Vulnerability leads to the following content:

    WordPress Core was updated on 1 February 2024 at 18:29.


    Details

    Auth. (Admin+) PHP File Upload vulnerability discovered by Vinicius Marangoni in WordPress core (versions < 6.4.3)

    Type: WordPress

    Vulnerable Versions: < 6.4.3

    CVE

    CVE-2018-14028

    Classification

    Arbitrary File Upload

    Publicly Disclosed: January 31, 2024

    Vulnerability Details: https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-4-3-auth-php-file-upload-vulnerability?_a_id=431

    Another link in the email leads to the following report:

    Site Scan  Critical Issue             Vulnerable Software           2024-02-01 07:30:27 - 2 days ago    81.19.159.38     

    Module   Site Scan

    Type        Critical Issue

    Description     Vulnerable Software

    Timestamp        2024-02-01 07:30:27

    IP Address           81.19.159.38

    User            

    URL       Scheduled WP-Cron task

    Results         

    Warning  Known Vulnerabilities  Show details

    Clean  Blocklist  Show details

    Raw Details   Show raw details

    id               => 8577

    module           => site-scanner

    type             => critical-issue

    code             => vulnerable-software

    timestamp        => 2024-02-01 06:30:27

    init_timestamp   => 2024-02-01 06:30:03

    remote_ip        => 81.19.159.38

    user_id          => [empty string]

    url              => wp-cron

    memory_current   => 68494592

    memory_peak      => 69946216

    data             => Array

        results   => Array

            url       => https://www.hundetraining-mit-roya.at

            version   => 1.1

            entries   => Array

                blacklist         => Array

                    0   => Array

                        report_details   => https://transparencyreport.google.com/safe-browsing/search?url=www.hundetraining-mit-roya.at

                        status           => clean

                        vendor           => Array

                            slug    => google

                            label   => Google Safe Browsing

                vulnerabilities   => Array

                    0   => Array

                        type     => wordpress

                        issues   => Array

                            0   => Array

                                title               => WordPress core < 6.4.3 - Auth. (Admin+) PHP File Upload vulnerability

                                description         => Auth. (Admin+) PHP File Upload vulnerability discovered by Vinicius Marangoni in WordPress core (versions < 6.4.3)

                                affected_in         => < 6.4.3

                                fixed_in            => 6.4.3

                                references          => Array

                                    0   => Array

                                        slug    => patchstack

                                        label   => PatchStack

                                        refs    => Array( 1 )

                                    1   => Array

                                        slug    => cve

                                        label   => CVE

                                        refs    => Array( 1 )

                                type                => Array

                                    label   => Arbitrary File Upload

                                    slug    => [empty string]

                                id                  => ps-16147

                                created_at          => 2024-01-31T08:23:54+00:00

                                updated_at          => 2024-01-31T08:23:54+00:00

                                published_at        => 2024-01-31T08:07:54+00:00

                                score               => [double] 6.6

                                score_group         => [empty string]

                                score_vector        => [empty string]

                                is_exploited        => [boolean] false

                                patched_in_ranges   => Array

                                    0    => Array

                                        fixed_in       => 6.4.3

                                        from_version   => 6.4

                                        to_version     => 6.4.2

                                    1    => Array

                                        fixed_in       => 6.3.3

                                        from_version   => 6.3

                                        to_version     => 6.3.2

                                    2    => Array

                                        fixed_in       => 6.2.4

                                        from_version   => 6.2

                                        to_version     => 6.2.3

                                    3    => Array

                                        fixed_in       => 6.1.5

                                        from_version   => 6.1

                                        to_version     => 6.1.4

                                    4    => Array

                                        fixed_in       => 6.0.7

                                        from_version   => 6.0

                                        to_version     => 6.0.6

                                    5    => Array

                                        fixed_in       => 5.9.9

                                        from_version   => 5.9

                                        to_version     => 5.9.8

                                    6    => Array

                                        fixed_in       => 5.8.9

                                        from_version   => 5.8

                                        to_version     => 5.8.8

                                    7    => Array

                                        fixed_in       => 5.7.11

                                        from_version   => 5.7

                                        to_version     => 5.7.10

                                    8    => Array

                                        fixed_in       => 5.6.13

                                        from_version   => 5.6

                                        to_version     => 5.6.12

                                    9    => Array

                                        fixed_in       => 5.5.14

                                        from_version   => 5.5

                                        to_version     => 5.5.13

                                    10   => Array

                                        fixed_in       => 5.4.15

                                        from_version   => 5.4

                                        to_version     => 5.4.14

                                    11   => Array

                                        fixed_in       => 5.3.17

                                        from_version   => 5.3

                                        to_version     => 5.3.16

                                    12   => Array

                                        fixed_in       => 5.2.20

                                        from_version   => 5.2

                                        to_version     => 5.2.19

                                    13   => Array

                                        fixed_in       => 5.1.18

                                        from_version   => 5.1

                                        to_version     => 5.1.17

                                    14   => Array

                                        fixed_in       => 5.0.21

                                        from_version   => 5.0

                                        to_version     => 5.0.20

                                    15   => Array

                                        fixed_in       => 4.9.25

                                        from_version   => 4.9

                                        to_version     => 4.9.24

                                    16   => Array

                                        fixed_in       => 4.8.24

                                        from_version   => 4.8

                                        to_version     => 4.8.23

                                    17   => Array

                                        fixed_in       => 4.7.28

                                        from_version   => 4.7

                                        to_version     => 4.7.27

                                    18   => Array

                                        fixed_in       => 4.6.28

                                        from_version   => 4.6

                                        to_version     => 4.6.27

                                    19   => Array

                                        fixed_in       => 4.5.31

                                        from_version   => 4.5

                                        to_version     => 4.5.30

                                    20   => Array

                                        fixed_in       => 4.4.32

                                        from_version   => 4.4

                                        to_version     => 4.4.31

                                    21   => Array

                                        fixed_in       => 4.3.33

                                        from_version   => 4.3

                                        to_version     => 4.3.32

                                    22   => Array

                                        fixed_in       => 4.2.37

                                        from_version   => 4.2

                                        to_version     => 4.2.36

                                    23   => Array

                                        fixed_in       => 4.1.40

                                        from_version   => 4.1

                                        to_version     => 4.1.39

                                    24   => Array

                                        fixed_in       => 4.0.38

                                        from_version   => 4.0

                                        to_version     => 4.0.37

                        link     => https://itsec-site-scanner.ithemes.com/vulnerability-details/djIubG9jYWwuSGlfd0hvUWhPak9VOXRteHNuSE5LNkhIVm00cTJRSlBFLVdOM3NFNGNHVVdMZXlyU1hmTm9kNmc2bmFpSjgwQ1VQRG4zUml6RlR5QU9COHh1WVpyWDVSTE12Q1VYXzRqc3JhbDRzdjliUEJ6UXMxUm83bmZVMnlQUkJKN2o2SjA3bnVDM1hwSnY5RldXRWxTWEhuaHhZbEJrek12RnY3OGFTWVlmb3dGVXA5a256ZEdxeW5RMV9FaUV5TW1tam5ZQVJpS1pqYnNFRGlEVElMc1RsVThIV2tQMWdiNzI1eWE5aXVPaFNuRE1SenlyekJRZjJjQ2hEa3BpOE1FN3RBR3Q2NVJ1a2RqbWVmVlUxNDNQTUdsNC1oZ3F5djRyaXI3ZFduOXI1ak13cUF6U0s3R0Z3bFlPZHU4dHNfV1hXU0hqTDZFaEtRTmVHUS0tSTJXUkRBT3NkMThWd3ZiOVczWlhYOHRiSXpkLU1ielpSQnY%253D

            errors    => Array()

        cached    => [boolean] false

    Site Health report

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535

    Warning: Array to string conversion in /home/.sites/85/site5774994/web/wp-admin/includes/class-wp-debug-data.php on line 1535
    ### wp-core ###

    version: 6.4.3
    site_language: de_DE
    user_language: de_DE
    timezone: Europe/Vienna
    permalink: /%postname%/
    https_status: true
    multisite: false
    user_registration: 0
    blog_public: 1
    default_comment_status: undefined
    environment_type: production
    user_count: 1
    dotorg_communication: true

    ### wp-paths-sizes ###

    wordpress_path: /home/.sites/85/site5774994/web
    wordpress_size: 62,21 MB (65228878 bytes)
    uploads_path: /home/.sites/85/site5774994/web/wp-content/uploads
    uploads_size: 5,57 MB (5836683 bytes)
    themes_path: /home/.sites/85/site5774994/web/wp-content/themes
    themes_size: 5,12 MB (5372401 bytes)
    plugins_path: /home/.sites/85/site5774994/web/wp-content/plugins
    plugins_size: 73,11 MB (76660910 bytes)
    database_size: 40,92 MB (42909696 bytes)
    total_size: 186,93 MB (196008568 bytes)

    ### wp-dropins (1) ###

    advanced-cache.php: true

    ### wp-active-theme ###

    name: GeneratePress (generatepress)
    version: 3.3.1
    author: Tom Usborne
    author_website: https://tomusborne.com
    parent_theme: none
    theme_features: core-block-patterns, widgets-block-editor, automatic-feed-links, post-thumbnails, post-formats, woocommerce, title-tag, html5, customize-selective-refresh-widgets, align-wide, responsive-embeds, editor-color-palette, custom-logo, menus, editor-styles, editor-style, widgets
    theme_path: /home/.sites/85/site5774994/web/wp-content/themes/generatepress
    auto_update: Aktiviert

    ### wp-themes-inactive (2) ###

    Twenty Twenty-Four: version: 1.0, author: Das WordPress-Team, Automatische Aktualisierungen deaktiviert
    Twenty Twenty-Three: version: 1.3, author: Das WordPress-Team, Automatische Aktualisierungen aktiviert

    ### wp-plugins-active (9) ###

    Code Snippets: version: 3.6.2, author: Code Snippets Pro, Automatische Aktualisierungen aktiviert
    GenerateBlocks: version: 1.8.2, author: Tom Usborne, Automatische Aktualisierungen aktiviert
    GP Premium: version: 2.4.0, author: Tom Usborne, Automatische Aktualisierungen aktiviert
    Maintenance PRO: version: 5.24, author: LintedCode LLC, Automatische Aktualisierungen aktiviert
    Rank Math SEO: version: 1.0.212, author: Rank Math, Automatische Aktualisierungen aktiviert
    Solid Security Basic: version: 9.3.0, author: SolidWP, Automatische Aktualisierungen aktiviert
    W3 Total Cache: version: 2.6.1, author: BoldGrid, Automatische Aktualisierungen aktiviert
    WPvivid Backup Plugin: version: 0.9.95, author: WPvivid Team, Automatische Aktualisierungen aktiviert
    Yoast Duplicate Post: version: 4.5, author: Enrico Battocchi & Team Yoast, Automatische Aktualisierungen aktiviert

    ### code-snippets (3) ###

    snippet-5: name: Add image title to featured images, scope: global, modified: 2023-05-26 04:25:21
    snippet-7: name: Show local fonts in WP block editor, scope: global, modified: 2023-06-03 11:59:40
    snippet-8: name: Disable WordPress login hints after failed login attempts, scope: global, modified: 2023-06-08 11:42:10

    ### wp-media ###

    image_editor: WP_Image_Editor_Imagick
    imagick_module_version: 1692
    imagemagick_version: ImageMagick 6.9.12-67 Q16 x86_64 17519 https://legacy.imagemagick.org
    imagick_version: 3.7.0
    file_uploads: 1
    post_max_size: 128M
    upload_max_filesize: 60M
    max_effective_size: 60 MB
    max_file_uploads: 20
    imagick_limits:
    imagick::RESOURCETYPE_AREA: 251 GB
    imagick::RESOURCETYPE_DISK: 9.2233720368548E+18
    imagick::RESOURCETYPE_FILE: 768
    imagick::RESOURCETYPE_MAP: 251 GB
    imagick::RESOURCETYPE_MEMORY: 125 GB
    imagick::RESOURCETYPE_THREAD: 1
    imagick::RESOURCETYPE_TIME: 9.2233720368548E+18
    imagemagick_file_formats: 3FR, 3G2, 3GP, AAI, AI, APNG, ART, ARW, AVI, AVS, BGR, BGRA, BGRO, BIE, BMP, BMP2, BMP3, BRF, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CR3, CRW, CUR, CUT, DATA, DCM, DCR, DCX, DDS, DFONT, DNG, DOT, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, EPT, EPT2, EPT3, ERF, EXR, FAX, FILE, FITS, FRACTAL, FTP, FTS, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, GROUP4, GV, H, HALD, HDR, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, J2C, J2K, JBG, JBIG, JNG, JNX, JP2, JPC, JPE, JPEG, JPG, JPM, JPS, JPT, JSON, K25, KDC, LABEL, M2V, M4V, MAC, MAGICK, MAP, MASK, MAT, MATTE, MEF, MIFF, MKV, MNG, MONO, MOV, MP4, MPC, MPEG, MPG, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, POCKETMOD, PPM, PREVIEW, PS, PS2, PS3, PSB, PSD, PTIF, PWP, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, SCR, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, STEGANO, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TIFF, TIFF64, TILE, TIM, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIDEO, VIFF, VIPS, VST, WBMP, WEBM, WEBP, WMF, WMV, WMZ, WPG, X, X3F, XBM, XC, XCF, XPM, XPS, XV, XWD, YCbCr, YCbCrA, YUV
    gd_version: bundled (2.1.0 compatible)
    gd_formats: GIF, JPEG, PNG, WebP, BMP
    ghostscript_version: 9.27

    ### wp-server ###

    server_architecture: Linux 4.18.0-372.26.1.lve.1.el8.x86_64 x86_64
    httpd_software: Apache
    php_version: 8.2.14 64bit
    php_sapi: fpm-fcgi
    max_input_variables: 3000
    time_limit: 180
    memory_limit: 256M
    max_input_time: 180
    upload_max_filesize: 60M
    php_post_max_size: 128M
    curl_version: 7.61.1 OpenSSL/1.1.1k
    suhosin: false
    imagick_availability: true
    pretty_permalinks: true
    htaccess_extra_rules: true
    current: 2024-02-03T13:48:43+00:00
    utc-time: Saturday, 03-Feb-24 13:48:43 UTC
    server-time: 2024-02-03T14:48:41+01:00

    ### wp-database ###

    extension: mysqli
    server_version: 5.7.44-log
    client_version: mysqlnd 8.2.14
    max_allowed_packet: 16777216
    max_connections: 505

    ### wp-constants ###

    WP_HOME: https://www.hundetraining-mit-roya.at
    WP_SITEURL: https://www.hundetraining-mit-roya.at
    WP_CONTENT_DIR: /home/.sites/85/site5774994/web/wp-content
    WP_PLUGIN_DIR: /home/.sites/85/site5774994/web/wp-content/plugins
    WP_MEMORY_LIMIT: 256M
    WP_MAX_MEMORY_LIMIT: 256M
    WP_DEBUG: false
    WP_DEBUG_DISPLAY: true
    WP_DEBUG_LOG: false
    SCRIPT_DEBUG: false
    WP_CACHE: true
    CONCATENATE_SCRIPTS: undefined
    COMPRESS_SCRIPTS: undefined
    COMPRESS_CSS: undefined
    WP_ENVIRONMENT_TYPE: Nicht definiert
    WP_DEVELOPMENT_MODE: undefined
    DB_CHARSET: utf8mb4
    DB_COLLATE: undefined

    ### wp-filesystem ###

    wordpress: writable
    wp-content: writable
    uploads: writable
    plugins: writable
    themes: writable

    ### solid-security ###

    pro: free
    initial_build: 4126
    activated: 2023-05-06 02:43:08
    patchstack: false
    modules:
    0: ban-users
    1: brute-force
    2: security-check-pro
    3: ssl
    4: malware-scheduling
    5: firewall
    settings:
    ban-users: Array
    brute-force: Array
    firewall: Array
    global: Array
    system-tweaks: Array
    wordpress-tweaks: Array
    hide-backend: Array
    user_groups:
    0: Array
    1: Array
    2: Array
    3: Array
    4: Array
    • This topic was modified 11 months, 3 weeks ago by Hans-Gerd Gerhards.
    • This topic was modified 11 months, 3 weeks ago by Hans-Gerd Gerhards. Reason: formatting correction

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator's note: Sorry, the topic was unfortunately held back by the forum software. I had to approve it first.
    Presumably that's because you formatted the entire topic as code.

    Hello,
    I suspect the problem is related to one of the three code snippets.
    Best to make a backup first, then deactivate the snippets one at a time and test after each whether the problem is solved.

    Best regards
    Hans-Gerd

    Or it's a false alarm. When exactly did you update / was the site updated to 6.4.3?
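    Following up on the false-alarm question, here is a small added example (not code from the thread, from Solid Security or from Patchstack) that checks the report's finding against the Site Health core version and the two timestamps in the posts. It assumes the raw `timestamp` field of the report is UTC (the report header shows the same moment as 07:30:27 Vienna time) and that the logged update time 18:29 is site-local.

```python
from datetime import datetime, timedelta, timezone

# Constructed from the scan report and Site Health output quoted in the thread.
# Only the first four patched_in_ranges entries are reproduced; the rest have the same shape.
FINDING = {
    "id": "ps-16147",
    "affected_in": "< 6.4.3",
    "fixed_in": "6.4.3",
    "patched_in_ranges": [
        {"fixed_in": "6.4.3", "from_version": "6.4", "to_version": "6.4.2"},
        {"fixed_in": "6.3.3", "from_version": "6.3", "to_version": "6.3.2"},
        {"fixed_in": "6.2.4", "from_version": "6.2", "to_version": "6.2.3"},
        {"fixed_in": "6.1.5", "from_version": "6.1", "to_version": "6.1.4"},
    ],
}


def parse_version(v):
    """'6.4' -> (6, 4, 0): WordPress names the first release of a branch without a patch digit."""
    parts = [int(p) for p in v.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def branch_range(finding, installed):
    """The patched_in_ranges entry for the installed version's major.minor branch, or None."""
    branch = parse_version(installed)[:2]
    for r in finding["patched_in_ranges"]:
        if parse_version(r["from_version"])[:2] == branch:
            return r
    return None


def is_vulnerable(finding, installed):
    """True if the installed core version lies inside the affected range of its branch."""
    v = parse_version(installed)
    r = branch_range(finding, installed)
    if r is None:
        # Branch not listed: compare against the headline fixed_in. This is conservative and
        # will flag an unlisted old branch even if it has its own backported fix.
        return v < parse_version(finding["fixed_in"])
    return parse_version(r["from_version"]) <= v <= parse_version(r["to_version"])


def scan_predates_update(scan_ts_utc, update_ts_local, utc_offset_hours):
    """True if the scanner ran before the core update, i.e. it reported on the old version."""
    scan = datetime.fromisoformat(scan_ts_utc).replace(tzinfo=timezone.utc)
    local = timezone(timedelta(hours=utc_offset_hours))
    update = datetime.fromisoformat(update_ts_local).replace(tzinfo=local)
    return scan < update


def triage(finding, installed, scan_ts_utc, update_ts_local, utc_offset_hours):
    """'vulnerable': update now. 'stale': the scan predates the fix, re-run it and expect it to clear.
    'not-affected': the scanner ran against the patched version and still flagged it, so dig deeper."""
    if is_vulnerable(finding, installed):
        return "vulnerable"
    if scan_predates_update(scan_ts_utc, update_ts_local, utc_offset_hours):
        return "stale"
    return "not-affected"


if __name__ == "__main__":
    # Values from the thread: raw timestamp 2024-02-01 06:30:27 (UTC; the report header shows
    # the same moment as 07:30:27 local), core update logged at 18:29 on 1 February 2024,
    # site timezone Europe/Vienna (UTC+1 in winter), Site Health version 6.4.3.
    print(triage(FINDING, "6.4.3", "2024-02-01 06:30:27", "2024-02-01 18:29", 1))  # stale
    print(triage(FINDING, "6.4.2", "2024-02-01 06:30:27", "2024-02-01 18:29", 1))  # vulnerable
```

    With the thread's values the finding comes out as "stale": the cron scan ran about eleven hours before the update to 6.4.3, so the next scheduled scan should no longer report it.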

    Thread starter Roya

    (@royaho)

    Hello and thanks for your replies!

    Yes, I provided as much information as possible. That was recommended in the forum rules.

    Unfortunately I'm not at all familiar with this subject. The developer of my website has quit the job and no longer gives me any support. That means I'll first have to take a closer look at the code snippets, or rather get into this subject in the first place. How can I test this, please? Which function do I need to call?

    Yes, a few hours before I received this message, WordPress was updated to version 6.4.3 (WordPress Core was updated on 1 February 2024 at 18:29). A false alarm would of course be what I'd like best 😉

    Many thanks again and best regards!
    Roya

    Moderator's note: I'm closing the topic because you've already posted this here: https://de.wordpress.org/support/topic/wordpress-6-4-3-php-8-3-kompatibilitaet/.

  • The topic "WordPress 6.4.3 – PHP File Upload vulnerability" is closed to new replies.