{"id":47959,"date":"2026-05-07T16:00:34","date_gmt":"2026-05-07T09:00:34","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47959"},"modified":"2026-05-29T16:01:16","modified_gmt":"2026-05-29T09:01:16","slug":"lo-hong-nghiem-trong-trong-metinfo-cms-2-000-instance-co-nguy-co-bi-tan-cong","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/lo-hong-nghiem-trong-trong-metinfo-cms-2-000-instance-co-nguy-co-bi-tan-cong\/","title":{"rendered":"Critical vulnerability in MetInfo CMS, 2,000 instances at risk of attack"},"content":{"rendered":"<div><b>A critical security vulnerability in the open-source content management system MetInfo is being actively exploited by hacker groups. Notably, the wave of attacks is surging across Asia.<\/b><br \/>\n<\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"MetInfo CMS.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/metinfo-cms-png.18960\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"MetInfo CMS.png\" src=\"https:\/\/whitehat.vn\/attachments\/metinfo-cms-png.18960\/\" alt=\"MetInfo CMS.png\" width=\"700\" height=\"390\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<div>\nAccording to the latest report from security firm VulnCheck, the vulnerability is paving the way for remote code execution attack campaigns, allowing attackers to take full control of a victim's system 
without any authentication step. The vulnerability is tracked as CVE-2026-29014, carries a CVSS score of 9.8, and directly affects MetInfo CMS versions 7.9 through 8.1.<\/p>\n<p>Security researcher Egidio Romano, who discovered the vulnerability, said the issue lies in the file \/app\/system\/weixin\/include\/class\/weixinreply.class.php. There, user-supplied input related to the Weixin (WeChat) API is not adequately filtered and sanitized, making it possible to inject malicious PHP code. When the system processes these requests, the malicious code can be executed directly on the server.<\/p>\n<p>In some deployment configurations, particularly on non-Windows operating systems, exploitation also depends on the \/cache\/weixin\/ directory already existing. 
This directory is usually created when the official WeChat plugin is installed and configured, inadvertently becoming an enabling condition for the attack.<br \/>\n<\/p><\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1778052061874.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1778052061874-png.18959\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1778052061874.png\" src=\"https:\/\/whitehat.vn\/attachments\/1778052061874-png.18959\/\" alt=\"1778052061874.png\" width=\"900\" height=\"470\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<div>\nMetInfo released a patch for CVE-2026-29014 on 7 April 2026. However, just over two weeks later, exploitation activity began to appear in the wild. According to research firm VulnCheck, the initial attack attempts were small in scale, mainly targeting honeypot systems located in the United States and Singapore.<\/p>\n<p>By 1 May 2026, activity had risen sharply and showed signs of shifting focus to IP addresses in China and Hong Kong. 
Observed data shows that about 2,000 MetInfo CMS systems are exposed on the Internet, most of them in China, increasing the risk of widespread exploitation.<\/p>\n<p>Experts note that the rapid exploitation of a popular CMS after the vulnerability was disclosed shows how attack groups are weaponizing flaws ever faster. This is especially concerning for systems that remain on the Internet but have not been patched in time.<\/p>\n<p>Researchers advise system administrators using MetInfo CMS to immediately check the version they are running, apply the latest patch from the developer, and review server logs for anomalies to detect signs of intrusion early.<br \/>\n<\/p><\/div>\n<div style=\"text-align: right;\"><b><i>Source: The Hacker News<\/i><\/b><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A critical security vulnerability in the open-source content management system MetInfo is being actively exploited by hacker groups. 
Notably, the wave of attacks is surging across Asia. According to the latest report [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47960,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-47959","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47959"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47959\/revisions"}],"predecessor-version":[{"id":47961,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47959\/revisions\/47961"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47960"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47959"}],"cu
ries":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}