logo
DATABASE RESOURCES PRICING ABOUT US

XCloner Backup and Restore 4.2.1 - 4.2.12 - Unprotected AJAX Action

Description

"This flaw gave authenticated attackers, with subscriber-level or above capabilities, the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution on a vulnerable site’s server. Alternatively, an attacker could create an exploit chain to obtain a database dump due to the same unprotected AJAX endpoint, amongst other things. "


Related