CVE-2020-35948

Опубликовано: 01 янв. 2021

Источник: nvd

CVSS3: 9.9

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.

Ссылки

http://packetstormsecurity.com/files/163336/WordPress-XCloner-4.2.12-Remote-Code-Execution.html
Third Party Advisory
VDB Entry
https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2020-35948
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/10412
Exploit
Third Party Advisory
https://www.wordfence.com/blog/2020/09/critical-vulnerabilities-patched-in-xcloner-backup-and-restore-plugin/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/163336/WordPress-XCloner-4.2.12-Remote-Code-Execution.html
Third Party Advisory
VDB Entry
https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2020-35948
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/10412
Exploit
Third Party Advisory
https://www.wordfence.com/blog/2020/09/critical-vulnerabilities-patched-in-xcloner-backup-and-restore-plugin/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xcloner:xcloner:*:*:*:*:*:wordpress:*:*

Версия от 4.2.1 (включая) до 4.2.13 (исключая)

EPSS

Процентиль: 98%

0.51632

Средний

9.9 Critical

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-p2jc-8hc7-j466

github

больше 3 лет назад

EPSS

Процентиль: 98%

0.51632

Средний

9.9 Critical

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-863