7.5

CVE-2023-6114

Exploit

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

Duplicator <= 1.5.7 AND Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Information Exposure

The Duplicator WordPress plugin before 1.5.7.1 and the Duplicator Pro WordPress plugin before 4.5.14.2 do not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.
Possible countermeasure
Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More: Update to version 1.5.7.1, or a newer patched version
Duplicator Pro: Update to version 4.5.14.2, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Awesomemotive Duplicator, SwEdition: -, SwPlatform: wordpress, Version: < 1.5.7.1
Awesomemotive Duplicator, SwEdition: pro, SwPlatform: wordpress, Version: < 4.5.14.2
Further vulnerability information
System: WordPress Plugin
Product: Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More
Version: *-1.5.7

System: WordPress Plugin
Product: Duplicator Pro
Version: [*, 4.5.14.2)

No warning was found for this CVE.
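EPSS metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 30.89% | 0.98 |

CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
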
CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing
Exploit
https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3f7a88c-a09b-46ac-b345-139c2d20a3d2
Third Party Advisory