¶à¸öÄÚÈÝÖÎÀíϵͳËÁÒâ´úÂëÖ´Ðзì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-05-10

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-11831£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º9.8


Ó°Ïì°æ±¾

Drupal£ºDrupal 8.7£¬Drupal 8.6¼°Ö®Ç°°æ±¾£¬Drupal 7
Joomla£ºJoomla 3.9.3 µ½ 3.9.5

TYPO3£º2.0.0-2.1.0 ºÍ 3.0.0-3.1.0


·ì϶¸ÅÊö


¶à¸öÄÚÈÝÖÎÀíϵͳÔ̺¬Drupal£¬JoomlaºÍTypo3´æÔÚËÁÒâ´úÂëÖ´Ðзì϶¡£¸Ã·ì϶´æÔÚÓÚPHPÇý¶¯ÏîÄ¿ÖÐʹÓõÄpharÁ÷°ü×°Æ÷×é¼þÖС£Phar´æµµÓÃÓÚÔÚµ¥¸öÎļþÖзַ¢ÆëÈ«µÄPHPÀûÓ÷¨Ê½»ò¿â¡£


pharÁ÷°ü×°Æ÷ÊÇTypo3ÌṩµÄÒ»¸ö¿ªÔ´×é¼þ£¬ËüÔÊÐíÓû§²é³­¸ÃÎļþÊÇ·ñÊÇ´ÓÌض¨Ä¿Â¼¼ÓÔصÄÓµÓÐÕýÈ·ÎļþÀ©´óÃûµÄÓÐЧPharÎļþ£¬¹¥»÷ÕßÄܹ»ÈƹýΪpharÁ÷°ü×°Æ÷ÌṩµÄ±£»¤£¬²¢×îÖÕÌáÒéËÁÒâ´úÂëÖ´Ðй¥»÷¡£


·ì϶ÑéÖ¤


ÔÝÎÞPOC/EXP¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£º


Drupal£ºDrupal 8.7Éý¼¶µ½8.7.1£¬ Drupal 8.6¼°Ö®Ç°°æ±¾Éý¼¶µ½8.6.16£¬ Drupal 7Éý¼¶µ½7.67
Joomla£ºÉý¼¶µ½Joomla 3.9.6

TYPO3£ºÉý¼¶µ½2.1.1 (for PHP v5.3 and later)ºÍ3.1.1 (for PHP v7.0 and later)


²Î¿¼Á´½Ó


https://www.drupal.org/sa-core-2019-007
https://developer.joomla.org/security-centre.html
https://typo3.org/security/advisory/typo3-psa-2019-007/