wpexploit
Dmitrii Ignatyev
WPEX-ID: 79B07F37-2C6B-4846-BB28-91A1E5BF112E
Mar 18, 2024 - 12:00 a.m.

BackWPup < 4.0.4 - Unauthenticated Backup Download

Tags: apache configuration, directory listing, backup directory, unauthenticated access

AI Score: 6.6 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site’s database.

1) Ensure that Apache is configured with the ability to list directory content.
2) When this is done, you can see the backup directory.
3) When the backup is in progress, you can access the backup at: http://your_site/wordpress/wp-content/uploads/backwpup-{hash}-temp/db.sql
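
Added example (not part of the original advisory or the plugin's code): a check a site owner can run over Apache combined-format access logs to see whether the temp directory from step 3 was listed or a file in it was served. The sample log lines and the `EXAMPLEHASH` placeholder are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
# Path shape from the advisory: wp-content/uploads/backwpup-{hash}-temp/db.sql
# Assumption: the hash alphabet is not given, so any run of non-slash characters matches.
TEMP_RE = re.compile(r'/wp-content/uploads/backwpup-[^/]+-temp(?:/(?P<rest>.*))?$', re.I)

# Constructed sample lines (documentation IP ranges, placeholder hash).
SAMPLE = [
    '203.0.113.7 - - [18/Mar/2024:10:00:01 +0000] "GET /wordpress/wp-content/uploads/ HTTP/1.1" 200 1523 "-" "-"',
    '203.0.113.7 - - [18/Mar/2024:10:00:03 +0000] "GET /wordpress/wp-content/uploads/backwpup-EXAMPLEHASH-temp/ HTTP/1.1" 200 812 "-" "-"',
    '203.0.113.7 - - [18/Mar/2024:10:00:05 +0000] "GET /wordpress/wp-content/uploads/backwpup-EXAMPLEHASH-temp/db.sql HTTP/1.1" 200 48211934 "-" "-"',
    '198.51.100.9 - - [18/Mar/2024:11:30:00 +0000] "GET /wordpress/wp-content/uploads/backwpup%2DEXAMPLEHASH%2Dtemp/db.sql HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.44 - - [18/Mar/2024:12:00:00 +0000] "GET /wordpress/wp-content/uploads/2024/03/logo.png HTTP/1.1" 200 5120 "-" "-"',
]

def classify(line):
    """Return a finding for a request into a BackWPup temp dir, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote(m["target"].split("?", 1)[0])  # drop query, decode %2D etc.
    hit = TEMP_RE.search(path)
    if not hit:
        return None
    status = int(m["status"])
    if status not in (200, 206):
        kind = "probe"      # refused, redirected or missing (403/301/404)
    elif not hit["rest"]:
        kind = "listing"    # directory index of the temp dir was served
    else:
        kind = "download"   # a file inside the temp dir was served
    return {"ip": m["ip"], "ts": m["ts"], "path": path, "status": status,
            "bytes": 0 if m["size"] == "-" else int(m["size"]), "kind": kind}

def scan(lines):
    """Classify every line and keep only those that touch a temp backup dir."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f'{f["kind"]:<8} {f["status"]} {f["bytes"]:>10} {f["ip"]} {f["path"]}')
```

A `download` finding with a large byte count means a backup file was served to that client and the database contents should be treated as disclosed.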
