History: Dec 23, 2023 - 2:15 a.m.

CVE-2023-6972

2023-12-23 02:15:45
CWE-22
web.nvd.nist.gov
cve-2023-6972
backup migration
wordpress
path traversal
vulnerability
security
nvd

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7 High (Confidence: High)

EPSS: 0.005 Low (Percentile: 77.0%)

The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the ‘content-backups’ and ‘content-name’, ‘content-manifest’, or ‘content-bmitmp’ and ‘content-identy’ HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

Affected configurations

Node: migrate / backup_migration, Range: 1.3.9

CNA Affected

[
  {
    "vendor": "migrate",
    "product": "Backup Migration",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.3.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
