2 matches found
WordPress Backup Migration Plugin 1.0.8-1.3.9 is vulnerable to Remote File Inclusion
Software Backup Migration Type Plugin Vulnerable versions 1.0.8-1.3.9 Fixed in 1.4.0 OWASP Top 10 A5: Security Misconfiguration Classification Remote File Inclusion CVE CVE-2023-6971 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID e70590c9be58 Credits NP3228 - NFlabs...
CVE-2023-6971
The Backup Migration plugin for WordPress (versions 1.0.8–1.3.9) is affected by CVE-2023-6971 due to a Remote File Inclusion via the content-dir header, enabling unauthenticated code execution when PHP is configured with allow_url_include=-on. The issue is exploitable under specific PHP configura...