Impact
A successful attacker can execute arbitrary PHP code on the underlying web server [S1]. That gives full compromise of the host: data exfiltration, modification of site content, and lateral movement within the hosting environment [S1].
Root cause
The vulnerability lies in SPIP's template compiler and its handling of includes [S1]. The compiler does not properly validate or sanitize input found in specific template tags when it processes uploaded files [S1]. Specifically, it mishandles INCLUDE or INCLURE tags contained in HTML files [S1]. When an attacker can reach such an uploaded file through the valider_xml action, the malicious tags are compiled and the embedded PHP code is executed [S1].
Affected versions
- SPIP 3.1.2 and all earlier versions [S1].
Remediation
Upgrade SPIP to a release newer than 3.1.2 to fix the vulnerability [S1]. As defence in depth, restrict file upload permissions to trusted administrative users, and make sure uploaded files are not stored in directories where the web server can execute them as scripts [S1]. These restrictions reduce exposure but do not fix the compiler; only the upgrade does.
How FixVibe tests for it
FixVibe can detect this vulnerability in two primary ways:
- Passive fingerprinting: by analysing HTTP response headers or specific meta tags in the HTML source, FixVibe can identify the SPIP version that is running [S1]. If the version is 3.1.2 or lower, it raises a high-severity alert [S1]. Note that a site can hide or alter these banners, so a missing or newer-looking version string is not proof that the site is patched.
- Repository scanning: for users who have connected their GitHub repositories, FixVibe's repo scanner can inspect dependency files or the version constants in the SPIP source code to identify vulnerable installations.
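The two detection routes above, as an added example written for this page (it is not FixVibe's scanner or SPIP's own code). It assumes three places where an SPIP installation exposes its version: a `Composed-By` response header, a `<meta name="generator">` tag in the HTML, and a `$spip_version_branche` assignment in `ecrire/inc_version.php`; all three are assumptions, and the sample inputs are constructed. The check treats anything at or below 3.1.2 as affected, matching the advisory's version range, and compares versions numerically rather than as strings so that 3.1.10 is not misread as older than 3.1.2.

```python
import re

# Constructed sample inputs, not captured from a real site.
SAMPLE_HEADERS = {"Composed-By": "SPIP 3.1.2 @ www.spip.net + spip(3.1.2)"}
SAMPLE_HTML = '<html><head><meta name="generator" content="SPIP 3.0.17" /></head></html>'
SAMPLE_INC_VERSION = '<?php\n$spip_version_branche = "3.1.2";\n$spip_version_code = 2.0;\n'

# Highest release the advisory lists as affected (3.1.2 and everything earlier).
LAST_VULNERABLE = (3, 1, 2)
VERSION_RE = re.compile(r"SPIP\s+(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(text):
    """Extract 'SPIP x.y.z' from free text as an int tuple, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(x) for x in m.groups()) if m else None


def version_from_headers(headers):
    """Assumption: SPIP advertises itself in a Composed-By response header."""
    for name, value in headers.items():
        if name.lower() == "composed-by":
            return parse_version(value)
    return None


def version_from_html(html):
    """Assumption: the generator meta tag carries the SPIP version."""
    m = re.search(r'<meta\s+name="generator"\s+content="([^"]*)"', html, re.IGNORECASE)
    return parse_version(m.group(1)) if m else None


def version_from_source(php_source):
    """Assumption: ecrire/inc_version.php sets $spip_version_branche = "x.y.z"."""
    m = re.search(r'\$spip_version_branche\s*=\s*["\'](\d+)\.(\d+)\.(\d+)["\']', php_source)
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable(version):
    """Tuple comparison: (3, 1, 10) > (3, 1, 2), unlike a string compare."""
    return version is not None and version <= LAST_VULNERABLE


def assess(headers=None, html=None, php_source=None):
    """Return (version, vulnerable, evidence) from the first source that yields a version.

    A None version means nothing was fingerprinted, which is not evidence of safety.
    """
    probes = (
        ("Composed-By header", version_from_headers, headers),
        ("generator meta tag", version_from_html, html),
        ("ecrire/inc_version.php", version_from_source, php_source),
    )
    for evidence, finder, data in probes:
        if data is None:
            continue
        version = finder(data)
        if version:
            return version, is_vulnerable(version), evidence
    return None, False, None


if __name__ == "__main__":
    for label, result in (
        ("headers", assess(headers=SAMPLE_HEADERS)),
        ("html", assess(html=SAMPLE_HTML)),
        ("repo", assess(php_source=SAMPLE_INC_VERSION)),
    ):
        print(label, result)
```

Run against real targets, the header and HTML probes would be fed from an actual HTTP response; the source probe reads the checked-out file. Treat a `(None, False, None)` result as "unknown", not "patched".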
