Lucene search
PRIOn knowledge basePRION:CVE-2023-6114HistoryDec 26, 2023 - 7:15 p.m.
Code injection
2023-12-2619:15:00
PRIOn knowledge base
www.prio-n.com
5
code injection
wordpress plugin
duplicator
directory listing
web server
sensitive data
attackers
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory (or the backups-dup-pro/tmp directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.
| CPE | Name | Operator | Version |
|---|---|---|---|
| duplicator | lt | 1.5.7.1 | |
| duplicator | lt | 4.5.14.2 |
Related
cve
cve
CVE-2023-6114
2023-12-26 19:15:08
packetstorm
packetstorm
WordPress Duplicator Data Exposure / Account Takeover
2024-03-11 00:00:00
openvas
openvas
nuclei
nuclei
wpexploit
wpexploit
nvd
nvd
CVE-2023-6114
2023-12-26 19:15:08
wpvulndb
wpvulndb
exploitdb
exploitdb
zdt
zdt
cvelist
cvelist
wordfence
wordfence