Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbDmitrii IgnatyevWPVDB-ID:5C5D41B9-1463-4A9B-862F-E9EE600EF8E1
HistoryDec 04, 2023 - 12:00 a.m.

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

2023-12-0400:00:00
Dmitrii Ignatyev
wpscan.com
8
duplicator
unauthenticated access
sensitive data exposure
web server
directory listing
database dump
zip archive

8.7 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.6%

JSON

Description The plugin does not disallow listing the backups-dup-lite/tmp directory (or the backups-dup-pro/tmp directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.

PoC

1. Ensure that the web server (e.g. nginx or Apache) has directory listing enabled. 2. Visit Duplicator > Packages and click Create New and then Next. 3. Visit /wp-content/backups-dup-lite/tmp/ to see the first sensitive files that are created. 4. Click Build. 5. Visit /wp-content/backups-dup-lite/tmp/ to see database dump and the zip file as it is being assembled. For the Pro version, change the paths above to use backups-dup-pro.

CPENameOperatorVersion
eq1.5.7.1
eq4.5.14.2

Related

cve 1
packetstorm 1
openvas 1
nuclei 1
wpexploit 1
cvelist 1
zdt 1
nvd 1
prion 1
exploitdb 1
wordfence 1
cve
cve
CVE-2023-6114
2023-12-26 19:15:08
packetstorm
packetstorm
WordPress Duplicator Data Exposure / Account Takeover
2024-03-11 00:00:00
openvas
openvas
WordPress Duplicator - WordPress Migration Plugin < 1.5.7.1 Information Disclosure Vulnerability
2024-01-05 00:00:00
nuclei
nuclei
Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
2024-03-09 14:23:42
wpexploit
wpexploit
Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
2023-12-04 00:00:00
cvelist
cvelist
CVE-2023-6114 Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
2023-12-26 18:33:12
zdt
zdt
WordPress Duplicator Plugin < 1.5.7.1 - Unauthenticated Sensitive Data Exposure Account Takeover
2024-03-11 00:00:00
nvd
nvd
CVE-2023-6114
2023-12-26 19:15:08
prion
prion
Code injection
2023-12-26 19:15:00
exploitdb
exploitdb
WordPress Plugin Duplicator &lt; 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover
2024-03-11 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
2023-12-14 16:32:44

8.7 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.6%

JSON
Related for WPVDB-ID:5C5D41B9-1463-4A9B-862F-E9EE600EF8E1
cve1packetstorm1openvas1nuclei1wpexploit1cvelist1zdt1nvd1prion1exploitdb1wordfence1