exploitDog

CVE-2013-2741

Опубликовано: 02 апр. 2013

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:ithemes:backupbuddy:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ithemes:backupbuddy:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ithemes:backupbuddy:2.2.25:*:*:*:*:*:*:*

cpe:2.3:a:ithemes:backupbuddy:2.2.28:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00664

Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-443f-w88g-369p

github

около 3 лет назад

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.

EPSS

Процентиль: 70%

0.00664

Низкий

7.5 High

CVSS2

Дефекты

CWE-287