7 matches found
WordPress Backup Migration <= 1.3.6 - Path Traversal
WordPress Backup Migration plugin versions up to 1.3.6 contain a path traversal and file validation issue in the handle_downloading function, letting unauthenticated attackers download backup files containing sensitive information. id: CVE-2023-6266 info: name: WordPress Backup Migration <= 1.3.6 - Pat...
CVE-2023-6266
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download...
CVE-2023-6266
creationtimestamp| type| source
---|---|---
2024-01-11 10:26:29+00:00| seen| https://t.me/ctinow/166422
2025-12-19 21:03:10+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3maelni5lsm23
2026-06-23 14:06:11+00:00| exploited|...
CVE-2023-6266
CVE-2023-6266 - WordPress Backup Migration plugin: Concrete details show a path traversal/file validation flaw in the BMI_BACKUP path within the handle_downloading function, affecting all versions up to 1.3.6. Unauthenticated attackers can download backup files containing sensitive data (e.g., p...
WordPress Backup Migration Plugin <= 1.3.6 is vulnerable to Sensitive Data Exposure
Software: Backup Migration
Type: Plugin
Vulnerable versions: <= 1.3.6
Fixed in: 1.3.7
OWASP Top 10: A5: Security Misconfiguration
Classification: Sensitive Data Exposure
CVE: CVE-2023-6266
Patch priority: High
CVSS severity: High 7.5
PSID: 7df0ea44f3d7
Credits: Rafshanzani Suhada...
Oracle Linux 9 : squid (ELSA-2023-6266)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6266 advisory.
- Improve HTTP chunked encoding compliance CVE-2023-46846
- Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847
Tenable has...
RHEL 9 : squid (RHSA-2023:6266)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6266 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: SQUID-2023:...