Source: wpvulndb
Author: Dmitrii Ignatyev
ID: WPVDB-ID:A39BB807-B143-4863-88FF-1783E407D7D4
Date: Jan 15, 2024 - 12:00 a.m.

FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure

wpscan.com

Tags: fastdup, wordpress, migration, duplicator, directory listing, account takeover, sensitive data exposure, backup function

AI Score: 5.6 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 17.0%)

Description

The plugin does not prevent directory listing in sensitive directories containing export files.

PoC

  1. Run the backup function: http://your_site/wordpress/wp-admin/admin.php?page=njt-fastdup#/
  2. During backup creation, you can intercept the following paths:
     wordpress/wp-content/plugins/fastdup/logs
     wordpress/wp-content/njt-fastdup/tmp
  3. After the backup, go to /wordpress/wp-content/njt-fastdup/packages/ and see all backup files inside the directory.
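
The check below is an added example, not part of the advisory or the plugin's code: it audits the three directories from the PoC on your own server's filesystem and classifies each as absent, listable, no-listing or denied. It assumes Apache with .htaccess overrides honoured and the default DirectoryIndex names; the function names and status labels are made up for this example.

```python
import re
from pathlib import Path

# Directories named in the advisory, relative to the WordPress root.
FASTDUP_DIRS = (
    "wp-content/plugins/fastdup/logs",
    "wp-content/njt-fastdup/tmp",
    "wp-content/njt-fastdup/packages",
)
INDEX_FILES = ("index.php", "index.html", "index.htm")
# Assumption: Apache with AllowOverride enabled, so .htaccess is honoured.
DENY = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\b", re.I | re.M)
NO_INDEX = re.compile(r"^\s*Options\b.*-Indexes\b", re.I | re.M)
# Rules inside <Files>/<FilesMatch> cover single files only, so they are ignored.
SCOPED = re.compile(r"<(Files(?:Match)?)\b.*?</\1\s*>", re.I | re.S)


def audit_dir(wp_root, rel):
    """Classify one directory: absent, listable, no-listing or denied."""
    root = Path(wp_root).resolve()
    d = root / rel
    if not d.is_dir():
        return {"path": rel, "status": "absent", "exposed_files": 0}
    # .htaccess rules are inherited, so read every level from d up to the root.
    # A child file that re-enables listing (Options +Indexes) is not modelled.
    levels = [d] + [p for p in d.parents if p == root or root in p.parents]
    texts = [(p / ".htaccess").read_text(errors="replace")
             for p in levels if (p / ".htaccess").is_file()]
    rules = SCOPED.sub("", "\n".join(texts))
    exposed = sum(1 for f in d.iterdir()
                  if f.is_file() and f.name not in INDEX_FILES + (".htaccess",))
    if DENY.search(rules):
        status = "denied"        # requests are refused outright
    elif NO_INDEX.search(rules) or any((d / n).is_file() for n in INDEX_FILES):
        status = "no-listing"    # listing hidden, files still served by name
    else:
        status = "listable"      # the condition the advisory describes
    return {"path": rel, "status": status, "exposed_files": exposed}


def audit(wp_root):
    """Audit all three FastDup directories under a WordPress root."""
    return [audit_dir(wp_root, rel) for rel in FASTDUP_DIRS]


if __name__ == "__main__":
    import sys
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['status']:<10} {f['exposed_files']:>3} files  {f['path']}")
```

An index file or `Options -Indexes` only hides the listing; files in the directory are still served to anyone who requests them by name, so `denied` is the state to aim for on the packages directory.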

CPE | Name | Operator | Version
 | | eq | 2.2
