| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| WordPress Duplicator Plugin < 1.5.7.1 - Unauthenticated Sensitive Data Exposure Account Takeover | 11 Mar 202400:00 | – | zdt | |
| CVE-2023-6114 | 26 Dec 202320:26 | – | circl | |
| WordPress Plugin Duplicator Security Vulnerability | 26 Dec 202300:00 | – | cnnvd | |
| CVE-2023-6114 | 26 Dec 202318:33 | – | cve | |
| CVE-2023-6114 Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure | 26 Dec 202318:33 | – | cvelist | |
| WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover | 11 Mar 202400:00 | – | exploitdb | |
| CVE-2023-6114 | 26 Dec 202319:15 | – | nvd | |
| WordPress Duplicator - WordPress Migration Plugin < 1.5.7.1 Information Disclosure Vulnerability | 5 Jan 202400:00 | – | openvas | |
| CVE-2023-6114 | 26 Dec 202319:15 | – | osv | |
| WordPress Duplicator Data Exposure / Account Takeover | 11 Mar 202400:00 | – | packetstorm |
id: CVE-2023-6114
info:
name: Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
author: DhiyaneshDk
severity: high
description: |
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.
impact: |
Unauthenticated attackers can exploit directory listing to access temporary backup files containing full database dumps and site archives with sensitive data from WordPress Duplicator installations.
remediation: Duplicator Fixed in 1.5.7.1,Duplicator-Pro Fixed in 4.5.14.2.
reference:
- https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing
- https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1
- https://nvd.nist.gov/vuln/detail/CVE-2023-6114
- https://wpscan.com/plugin/duplicator/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-6114
cwe-id: CWE-552
epss-score: 0.30894
epss-percentile: 0.98033
cpe: cpe:2.3:a:awesomemotive:duplicator:*:*:*:*:-:wordpress:*:*
metadata:
max-request: 2
vendor: awesomemotive
product: duplicator
framework: wordpress
google-query: inurl:"/wp-content/plugins/duplicator"
tags: cve,cve2023,duplicator,duplicator-pro,lfi,wpscan,wordpress,wp-plugin,wp,awesomemotive,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/backups-dup-lite/tmp/"
- "{{BaseURL}}/wp-content/backups-dup-pro/tmp/"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- "status_code == 200"
- "contains(body, '/tmp') && contains(body, '<title>Index of')"
condition: and
# digest: 4b0a00483046022100af1103de1e0337e7e241e6864a340b6ca1af17e9603afac9e10e89b8fd4a733e022100fed1a3c3b974633ee18d2deb1c2b7000d786994f17063bab3a92104826fdd59d:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation