| Ãë¾àÁ¡ID |
210278 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
WordPress ÄÚ¾î´Â ¹öÀü 6.5.2±îÁöÀÇ ´Ù¾çÇÑ ¹öÀü¿¡¼ ¾Æ¹ÙŸ ºí·ÏÀÇ »ç¿ëÀÚ Ç¥½Ã À̸§À» ÅëÇÑ ÀúÀåµÈ Cross-Site Scripting¿¡ Ãë¾àÇÕ´Ï´Ù. »ç¿ëÀÚ Ç¥½Ã À̸§¿¡ ´ëÇÑ ÃæºÐÇÏÁö ¾ÊÀº Ãâ·Â À̽ºÄÉÀÌÇÎÀ¸·Î ÀÎÇØ ¹ß»ýÇÕ´Ï´Ù. ÀÌ´Â ±â¿©ÀÚ ¼öÁØÀÇ ÀÎÁõµÈ °ø°ÝÀÚ°¡ ÀÓÀÇÀÇ À¥ ½ºÅ©¸³Æ®¸¦ ÁÖÀÔÇÏ¿© »ç¿ëÀÚ°¡ ÁÖÀÔµÈ ÆäÀÌÁö¿¡ ¾×¼¼½ºÇÒ ¶§¸¶´Ù ½ÇÇàµÉ ¼ö ÀÖ´Â ÆäÀÌÁö¿¡ ÁÖÀÔÇÒ ¼ö ÀÖ°Ô ÇÕ´Ï´Ù. ¶ÇÇÑ, ´ñ±Û ºí·ÏÀÌ Á¸ÀçÇÏ°í ´ñ±Û ÀÛ¼ºÀÚÀÇ ¾Æ¹ÙŸ¸¦ Ç¥½ÃÇÏ´Â ÆäÀÌÁö¿¡ ¾×¼¼½ºÇÒ ¼ö ÀÖ´Â ÀÎÁõµÇÁö ¾ÊÀº °ø°ÝÀÚµµ ÀÓÀÇÀÇ À¥ ½ºÅ©¸³Æ®¸¦ ÁÖÀÔÇÒ ¼ö ÀÖ°Ô µË´Ï´Ù.
* Âü°í »çÀÌÆ®:
https://www.wordfence.com/threat-intel/vulnerabilities/id/e363c09a-4381-4b3a-951c-9a0ff5669016?source=cve
https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=57950%40%2F&new=57950%40%2F&sfp_email=&sfph_mail=#file3
https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
https://www.wordfence.com/blog/2024/04/unauthenticated-stored-cross-site-scripting-vulnerability-patched-in-wordpress-core/
https://core.trac.wordpress.org/changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php
* ¿µÇâ¹Þ´Â Ç÷§Æû:
WordPress 6.5.2 ¶Ç´Â ÀÌÀü ¹öÀü
Any operating system Any version |
| ÇØ°áÃ¥ |
´ÙÀ½ WordPress ´Ù¿î·Îµå À¥ ÆäÀÌÁö http://wordpress.org/download/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â ÀÌ Ãë¾àÁ¡À» ÇØ°áÇÑ WordPress ¹öÀü(6.5.2 ¶Ç´Â ±× ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù |
| °ü·Ã URL |
CVE-2024-4439 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
