CVE-2013-2742 – BackupBuddy < 3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-2742
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script. importbuddy.php en el plugin de BackupBuddy v1.3.4, v2.1.4, v2.2.25, v2.2.28 y v2.2.4 para WordPress no es fiable queda eliminado tras completar una operación de restauración, lo que hace que sea más fácil para los atacantes remotos obtener acceso a través de las solicitudes posteriores a este script. • http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html http://packetstormsecurity.com/files/120923 • CWE-287: Improper Authentication •
CVE-2013-2743 – BackupBuddy < 3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-2743
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter. importbuddy.php en el complemento BackupBuddy v1.3.4, v2.1.4, v2.2.25, v2.2.28, y v2.2.4 para WordPress que permite a atacantes remotos evitar autenticaciones a través del parámetro step manipulando el entero. • http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html http://packetstormsecurity.com/files/120923 • CWE-287: Improper Authentication •