7.5
CVE-2023-6114
- EPSS 66.72%
- Published 26.12.2023 19:15:08
- Last modified 21.11.2024 08:43:09
- Source contact@wpscan.com
Duplicator <= 1.5.7 AND Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Information Exposure
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.
Possible mitigation
Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More: Update to version 1.5.7.1, or a newer patched version
Duplicator Pro: Update to version 4.5.14.2, or a newer patched version
Further vulnerability information
System: WordPress Plugin ≫ Product: Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More
Version: * - 1.5.7
System: WordPress Plugin ≫ Product: Duplicator Pro
Version: [*, 4.5.14.2)
Data provided by the National Vulnerability Database (NVD)
Awesomemotive ≫ Duplicator, SwEdition: -, SwPlatform: wordpress, Version: < 1.5.7.1
Awesomemotive ≫ Duplicator, SwEdition: pro, SwPlatform: wordpress, Version: < 4.5.14.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 66.72% | 0.985 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.