Lucene search

K
wpvulndbDmitrii IgnatyevWPVDB-ID:79B07F37-2C6B-4846-BB28-91A1E5BF112E
HistoryMar 18, 2024 - 12:00 a.m.

BackWPup < 4.0.4 - Unauthenticated Backup Download

2024-03-1800:00:00
Dmitrii Ignatyev
wpscan.com
7
backwpup
unauthenticated access
backup download
database access
security vulnerability

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Description The plugin does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site’s database.

PoC

  1. Ensure that Apache is configured with the ability to list directory content. 2) When this is done, you can see the backup directory. 3) When the backup is in progress, you can access the backup at: http://your_site/wordpress/wp-content/uploads/backwpup-{hash}-temp/db.sql
CPENameOperatorVersion
eq4.0.4

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for WPVDB-ID:79B07F37-2C6B-4846-BB28-91A1E5BF112E