CVE-2011-4342

Опубликовано: 08 окт. 2012

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

Ссылки

http://packetstormsecurity.org/files/view/99799/SOS-11-003.txt
Exploit
http://seclists.org/fulldisclosure/2011/Mar/328
Exploit
http://secunia.com/advisories/43565
Vendor Advisory
http://wordpress.org/support/topic/plugin-backwpup-remote-and-local-codeexecution-vulnerability-sos-11-003
http://www.exploit-db.com/exploits/17056
Exploit
http://www.openwall.com/lists/oss-security/2011/11/22/10
Exploit
http://www.openwall.com/lists/oss-security/2011/11/22/7
Exploit
http://www.osvdb.org/71481
Exploit
http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf
Exploit
URL Repurposed
http://packetstormsecurity.org/files/view/99799/SOS-11-003.txt
Exploit
http://seclists.org/fulldisclosure/2011/Mar/328
Exploit
http://secunia.com/advisories/43565
Vendor Advisory
http://wordpress.org/support/topic/plugin-backwpup-remote-and-local-codeexecution-vulnerability-sos-11-003
http://www.exploit-db.com/exploits/17056
Exploit
http://www.openwall.com/lists/oss-security/2011/11/22/10
Exploit
http://www.openwall.com/lists/oss-security/2011/11/22/7
Exploit
http://www.osvdb.org/71481
Exploit
http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf
Exploit
URL Repurposed

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:backwpup:backwpup:*:*:*:*:*:*:*:*

Версия до 1.7.1 (включая)

cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03506

Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-pqvq-cgx4-49hv

github

около 3 лет назад