
IPS Threat Encyclopedia

"WordPress.Plugin.ThemeREX.sc_layout.Remote.Code.Execution"

  • Signature ID:

    48807

  • Severity:

    critical

  • CVE ID:

    CVE-2020-10257

  • Recommended action:

    drop

  • Affected systems:

    Windows, Linux, BSD, Solaris, MacOS

  • Protocol:

    tcp

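Vulnerability Description

This indicates an attack attempt against a command injection vulnerability in WordPress TimThumb. The vulnerability is due to insufficient sanitization of user-supplied input in the application. A remote attacker may be able to exploit it to execute arbitrary code in the context of the application.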

Affected Products

  • Ozeum - Museum (ThemeREX Addons version before 1.70.3.1)
  • Chit Club - Board Games (ThemeREX Addons version before 1.70.3.1)
  • Yottis - Simple Portfolio (ThemeREX Addons version before 1.6.67.1)
  • Helion - Agency & Portfolio Theme (ThemeREX Addons version before 1.6.66.1)
  • Amuli (ThemeREX Addons version before 1.6.66.1)
  • Nelson - Barbershop + Tattoo Salon (ThemeREX Addons version before 1.6.65.1)
  • Hallelujah - Church (ThemeREX Addons version before 1.6.65.1)
  • Right Way (ThemeREX Addons version before 1.6.65.1)
  • Prider - Pride Fest (ThemeREX Addons version before 1.6.65.1)
  • Mystik - Esoterics (ThemeREX Addons version before 1.6.62.3.1)
  • Skydiving and Flying Company (ThemeREX Addons version before 1.6.62.4)
  • DroneX - Aerial Photography Services (ThemeREX Addons version before 1.6.62.1.1)
  • Samadhi - Buddhist (ThemeREX Addons version before 1.6.61.2.1)
  • TanTum - Rent a car, Rent a bike, Rent a scooter Multiskin theme (ThemeREX Addons version before 1.6.61.3.1)
  • Scientia - Public Library (ThemeREX Addons version before 1.6.61.2.1)
  • Blabber (ThemeREX Addons version before 1.6.61.2.1)
  • Impacto Patronus Multi-landing (ThemeREX Addons version before 1.6.61.1.1)
  • Rare Radio (ThemeREX Addons version before 1.6.61.1)
  • Piqes - Creative Startup & Agency WordPress Theme (ThemeREX Addons version before 1.6.60.1)
  • Kratz - Digital Agency (ThemeREX Addons version before 1.6.59.4)
  • Pixefy (ThemeREX Addons version before 1.6.59.3)
  • Netmix - Broadband & Telecom (ThemeREX Addons version before 1.6.59.1.2)
  • Kids Care (ThemeREX Addons version before 1.6.59.1)
  • Briny - Diving WordPress Theme (ThemeREX Addons version before 1.6.58.3)
  • Tornados (ThemeREX Addons version before 1.6.57.4)
  • Gridiron (ThemeREX Addons version before 1.6.57.5)
  • Yungen - Digital/Marketing Agency (ThemeREX Addons version before 1.6.57.2.1)
  • FC United - Football (ThemeREX Addons version before 1.6.57.3.1)
  • Bugster - Pests Control (ThemeREX Addons version before 1.6.57.3)
  • Rumble - Single Fighter Boxer, News, Gym, Store. (ThemeREX Addons version before 1.6.57.1)
  • Tacticool - Shooting Range WordPress Theme (ThemeREX Addons version before 1.6.56.1)
  • Coinpress - Cryptocurrency Magazine & Blog WordPress Theme (ThemeREX Addons version before 1.6.55.5)
  • Vihara - Ashram, Buddhist (ThemeREX Addons version before 1.6.55.8)
  • Katelyn - Gutenberg WordPress Blog Theme (ThemeREX Addons version before 1.6.55.5)
  • Heaven 11 - Multiskin Property Theme (ThemeREX Addons version before 1.6.55.2)
  • Especio - Food Gutenberg Theme (ThemeREX Addons version before 1.6.54.1)
  • Partiso_ElectionCampaign (ThemeREX Addons version before 1.6.53.2)
  • Kargo - Freight Transport (ThemeREX Addons version before 1.6.53.4)
  • Maxify - Startup Blog (ThemeREX Addons version before 1.6.53.3)
  • Lingvico - Language Learning School (ThemeREX Addons version before 1.6.53.3)
  • Aldo - Gutenberg WordPress Blog Theme (ThemeREX Addons version before 1.6.53.3)
  • Vixus - Startup / Mobile Application (ThemeREX Addons version before 1.6.52.3)
  • WellSpring _ Water Filter Systems (ThemeREX Addons version before 1.6.52.3)
  • Nazareth - Church (ThemeREX Addons version before 1.6.52.2)
  • Tediss - Soft Play Area, Cafe & Child Care Center (ThemeREX Addons version before 1.6.53.1)
  • Yolox - Startup Magazine & Blog WordPress Theme (ThemeREX Addons version before 1.6.51.4)
  • Meals and Wheels - Food Truck (ThemeREX Addons version before 1.6.51.4)
  • Rosalinda - Vegetarian & Health Coach (ThemeREX Addons version before 1.6.51.2)
  • Vapester (ThemeREX Addons version before 1.6.50.1)
  • Modern Housewife - Housewife and Family Blog (ThemeREX Addons version before 1.6.50.1)
  • ChainPress (ThemeREX Addons version before 1.6.50.2)
  • Justitia - Multiskin Lawyer Theme (ThemeREX Addons version before 1.6.51.2)
  • Hobo_Digital Nomad Blog (ThemeREX Addons version before 1.6.50.1)
  • Rhodos - Creative Corporate WordPress Theme (ThemeREX Addons version before 1.6.50.2)
  • Buzz Stone - Magazine & Blog (ThemeREX Addons version before 1.6.50.1)
  • Corredo_Sport Event (ThemeREX Addons version before 1.6.49.10)
  • SaveJulia Personal Fundraising Campaign (ThemeREX Addons version before 1.6.49.9)
  • BonkoZoo_Zoo (ThemeREX Addons version before 1.6.49.7)
  • Renewal - Plastic Surgeon Clinic (ThemeREX Addons version before 1.6.49.6.3)
  • Gloss_blog (ThemeREX Addons version before 1.6.49.6)
  • Plumbing - Repair, Building & Construction WordPress Theme (ThemeREX Addons version before 1.6.58.2.1)
  • Topper Theme and Skins (ThemeREX Addons version before 1.6.61.3)

Possible Consequences

System compromise: a remote attacker can gain control of the vulnerable system.

Solution

Apply the latest upgrade or patch provided by the vendor. https://themerex.net/wp/download_plugins/themerex-addons/
