手动修复 wordpress WP_Image_Editor_Imagick 指令注入漏洞

漏洞名称: wordpress WP_Image_Editor_Imagick 指令注入漏洞

漏洞地址: /wordpress/wp-includes/media.php

漏洞等级: 高危

关于 ImageTragick 漏洞(官网):
https://imagetragick.com/

知乎:
https://www.zhihu.com/question/45404544

太高深莫测了,小白我摸不着头脑。

手动修复

1.临时方案,删了它。

rm -rf /usr/local/imagemagick/

2.替换GD库。

vim /wp-includes/media.php

$implementations = apply_filters( 'wp_image_editors', array( 'WP_Image_Editor_Imagick' , 'WP_Image_Editor_GD' ) );

改成:

$implementations = apply_filters( 'wp_image_editors', array( 'WP_Image_Editor_GD' ,'WP_Image_Editor_Imagick' ) );

Author: Nevin van Chung

A hacker, Write C / Python on Unix.

Leave a Reply