CVE-2023-7002

Exploit

EPSS 45.9%
Veröffentlicht 23.12.2023 02:15:45
Zuletzt bearbeitet 08.04.2026 19:19:05
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Backup Migration <= 1.3.9 - Authenticated (Admin+) OS Command Injection via url

The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9  via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.

Mögliche Gegenmaßnahme

Backup Migration: Update to version 1.4.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Backupbliss ≫ Backup Migration SwPlatformwordpress Version < 1.4.0

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Backup Migration

Version *-1.3.9

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	45.9%	0.986

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@wordfence.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://plugins.trac.wordpress.org/changeset/3012745/backup-backup

Patch

https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1503

Exploit

https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1518

Exploit

https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L88

Exploit

https://www.linuxquestions.org/questions/linux-security-4/php-function-exec-enabled-how-big-issue-4175508082/

Patch

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/cc49db10-988d-42bd-a9cf-9a86f4c79568?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/cc49db10-988d-42bd-a9cf-9a86f4c79568

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-7002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-7002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-7002

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-7002