PHP对象注入 on 办公AI智能小助手 https://blog.qife122.com/tags/php%E5%AF%B9%E8%B1%A1%E6%B3%A8%E5%85%A5/ Recent content in PHP对象注入 on 办公AI智能小助手 Hugo zh-cn qife Mon, 05 Jan 2026 12:24:39 +0800 针对CVE-2025-22777 WordPress插件PHP对象注入漏洞的PoC技术分析 https://blog.qife122.com/p/%E9%92%88%E5%AF%B9cve-2025-22777-wordpress%E6%8F%92%E4%BB%B6php%E5%AF%B9%E8%B1%A1%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E7%9A%84poc%E6%8A%80%E6%9C%AF%E5%88%86%E6%9E%90/ Mon, 05 Jan 2026 12:24:39 +0800 https://blog.qife122.com/p/%E9%92%88%E5%AF%B9cve-2025-22777-wordpress%E6%8F%92%E4%BB%B6php%E5%AF%B9%E8%B1%A1%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E7%9A%84poc%E6%8A%80%E6%9C%AF%E5%88%86%E6%9E%90/ <h1 id="cve-2025-22777-givewp-plugin-php-object-injection-point-poc-">CVE-2025-22777-GiveWP-Plugin-PHP-Object-Injection-Point-PoC-</h1> <p>本仓库包含一个针对影响GiveWP WordPress插件的CVE-2025-22777漏洞的概念验证代码。代码仍在开发中,功能可能会随时间变化、损坏或改进。</p> WordPress Houzez 主题中的认证PHP对象注入漏洞分析 https://blog.qife122.com/p/wordpress-houzez-%E4%B8%BB%E9%A2%98%E4%B8%AD%E7%9A%84%E8%AE%A4%E8%AF%81php%E5%AF%B9%E8%B1%A1%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ Mon, 29 Dec 2025 12:23:08 +0800 https://blog.qife122.com/p/wordpress-houzez-%E4%B8%BB%E9%A2%98%E4%B8%AD%E7%9A%84%E8%AE%A4%E8%AF%81php%E5%AF%B9%E8%B1%A1%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ <h2 id="cve-2025-9191---houzez--416---认证用户订阅者及以上权限通过保存搜索功能实现php对象注入">CVE-2025-9191 - Houzez &lt;= 4.1.6 - 认证用户(订阅者及以上权限)通过保存搜索功能实现PHP对象注入</h2> <h3 id="概述">概述</h3> <h3 id="漏洞描述">漏洞描述</h3> <p>WordPress的Houzez主题在4.1.6及之前的所有版本中,通过<code>saved-search-item.php</code>文件对不可信输入进行反序列化,存在PHP对象注入漏洞。这使得拥有订阅者及以上权限的认证攻击者能够注入PHP对象。</p> WordPress WP Store Locator插件PHP对象注入漏洞分析 https://blog.qife122.com/p/wordpress-wp-store-locator%E6%8F%92%E4%BB%B6php%E5%AF%B9%E8%B1%A1%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ Mon, 27 Oct 2025 14:27:48 +0800 https://blog.qife122.com/p/wordpress-wp-store-locator%E6%8F%92%E4%BB%B6php%E5%AF%B9%E8%B1%A1%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ <h2 id="概述">概述</h2> <p>CVE-2025-52737是WordPress WP Store Locator插件中存在的一个PHP对象注入漏洞,影响2.2.260及更早版本。</p> <h2 id="漏洞描述">漏洞描述</h2> <p>WP Store Locator插件存在反序列化不可信数据漏洞,攻击者可通过此漏洞实现对象注入。该漏洞影响WP Store Locator插件从未知版本到2.2.260的所有版本。</p> WordPress插件PHP对象注入漏洞分析:CVE-2025-60209技术详解 https://blog.qife122.com/p/wordpress%E6%8F%92%E4%BB%B6php%E5%AF%B9%E8%B1%A1%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90cve-2025-60209%E6%8A%80%E6%9C%AF%E8%AF%A6%E8%A7%A3/ Sat, 25 Oct 2025 03:59:11 +0800 https://blog.qife122.com/p/wordpress%E6%8F%92%E4%BB%B6php%E5%AF%B9%E8%B1%A1%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90cve-2025-60209%E6%8A%80%E6%9C%AF%E8%AF%A6%E8%A7%A3/ <h2 id="概述">概述</h2> <p>CVE-2025-60209是一个存在于WordPress Connector for Gravity Forms and Google Sheets插件中的PHP对象注入漏洞,影响版本从n/a到1.2.6(含)。</p>