Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- WordPress WPvivid Backup Path Traversal[6]
- Authored by Rodolfo Tavares[7] | Site tempest.com.br[8]
-
WordPress WPvivid Backup plugin versions prior to 0.9.76 suffer from a path traversal vulnerability.
- advisories | CVE-2022-2863[9]
- SHA-256 |
fb090fe06b8107185b5b73bdfac52e984a5bd3987e4e8a14397734095d06addf
- Download[10] | Favorite[11] | View[12]
Change Mirror[13] Download[14]
=====[ Tempest Security Intelligence - ADV-15/2022
]==========================
Wordpress plugin - WPvivid Backup - Version < 0.9.76
Author: Rodolfo Tavares
Tempest Security Intelligence - Recife, Pernambuco - Brazil
=====[ Table of Contents]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References
=====[ Vulnerability
Information]=============================================
* Class: Improper Limitation of a Pathname to a Restricted Directory
('Path Traversal')
('Path Traversal') [CWE-22]
* CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVSS Base Score 7.2
=====[ Overview]========================================================
* System affected : Wordpress plugin - WPvivid Backup
* Software Version : Version < 0.9.76
* Impacts : The plugin WPvivid Backup does not sanitise and validate a
parameter before using it to read the content of a file, allowing high
privilege users to read any file from the web server via a Traversal attack.
=====[ Detailed
description]=================================================
* Steps to reproduce
1 - Authenticated as privilege user, copy the request below, change the
placeholder {{nonce}} with a valid nonce:
```
https://example.com/wp-admin/admin-ajax.php?_wpnonce={{nonce}}&action=wpvivid_download_export_backup&file_name=../../../../../../../etc/passwd&file_size=922
```
=====[ Timeline of
disclosure]===============================================
11/Aug/2022 - Responsible disclosure was initiated with the vendor.
15/Aug/2022 - WPvivid Support confirmed the issue.
16/Aug/2022 - WPvivid Support fix the issue.
08/Aug/2022 - CVEs was assigned and reserved as CVE-2022-2863.
=====[ Thanks & Acknowledgements]========================================
* Tempest Security Intelligence [5]
=====[ References ]=====================================================
[1][ [
https://cwe.mitre.org/data/definitions/22.html]|https://cwe.mitre.org/data/definitions/22.html
]]
[2][ [
https://gist.github.com/rodnt/c6eb8c8237d6ea0583f1f7da139c742a]|https://gist.github.com/rodnt/c6eb8c8237d6ea0583f1f7da139c742a
[3][ [https://www.tempest.com.br|https://www.tempest.com.br/]]
[4][ [
https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5]|https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5]]
]
[5][ [Thanks FXO,ACPM,MFPP]]
=====[ EOF ]===========================================================
--
File Tags
- ActiveX[19] (932)
- Advisory[20] (78,310)
- Arbitrary[21] (15,293)
- BBS[22] (2,859)
- Bypass[23] (1,599)
- CGI[24] (1,013)
- Code Execution[25] (6,783)
- Conference[26] (671)
- Cracker[27] (799)
- CSRF[28] (3,277)
- DoS[29] (22,077)
- Encryption[30] (2,341)
- Exploit[31] (50,166)
- File Inclusion[32] (4,160)
- File Upload[33] (945)
- Firewall[34] (821)
- Info Disclosure[35] (2,565)
- Intrusion Detection[36] (862)
- Java[37] (2,825)
- JavaScript[38] (808)
- Kernel[39] (6,163)
- Local[40] (14,100)
- Magazine[41] (586)
- Overflow[42] (12,254)
- Perl[43] (1,413)
- PHP[44] (5,059)
- Proof of Concept[45] (2,284)
- Protocol[46] (3,359)
- Python[47] (1,409)
- Remote[48] (29,882)
- Root[49] (3,468)
- Ruby[50] (581)
- Scanner[51] (1,631)
- Security Tool[52] (7,743)
- Shell[53] (3,079)
- Shellcode[54] (1,204)
- Sniffer[55] (883)
- Spoof[56] (2,123)
- SQL Injection[57] (16,066)
- TCP[58] (2,370)
- Trojan[59] (682)
- UDP[60] (873)
- Virus[61] (660)
- Vulnerability[62] (30,671)
- Web[63] (9,115)
- Whitepaper[64] (3,723)
- x86[65] (944)
- XSS[66] (17,413)
- Other[67]
File Archives
- October 2022[68]
- September 2022[69]
- August 2022[70]
- July 2022[71]
- June 2022[72]
- May 2022[73]
- April 2022[74]
- March 2022[75]
- February 2022[76]
- January 2022[77]
- December 2021[78]
- November 2021[79]
- Older[80]
Systems
- AIX[81] (426)
- Apple[82] (1,899)
- BSD[83] (369)
- CentOS[84] (55)
- Cisco[85] (1,915)
- Debian[86] (5,948)
- Fedora[87] (1,690)
- FreeBSD[88] (1,242)
- Gentoo[89] (4,219)
- HPUX[90] (878)
- iOS[91] (323)
- iPhone[92] (108)
- IRIX[93] (220)
- Juniper[94] (67)
- Linux[95] (42,959)
- Mac OS X[96] (684)
- Mandriva[97] (3,105)
- NetBSD[98] (255)
- OpenBSD[99] (479)
- RedHat[100] (12,018)
- Slackware[101] (941)
- Solaris[102] (1,607)
- SUSE[103] (1,444)
- Ubuntu[104] (8,039)
- UNIX[105] (9,121)
- UnixWare[106] (185)
- Windows[107] (6,476)
- Other[108]