CVE-2023-6972
Backup Migration <= 1.3.9 - Unauthenticated Path Traversal to Arbitrary File Deletion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
El complemento Backup Migration para WordPress es vulnerable a Path Traversal en todas las versiones hasta la 1.3.9 inclusive a través de 'content-backups' y 'content-name', 'content-manifest' o 'content-bmitmp' y Encabezados HTTP 'identidad de contenido'. Esto hace posible que atacantes no autenticados eliminen archivos arbitrarios, incluido el archivo wp-config.php, lo que puede hacer posible la toma de control del sitio y la ejecución remota de código.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-12-20 CVE Reserved
- 2023-12-22 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Backupbliss Search vendor "Backupbliss" | Backup Migration Search vendor "Backupbliss" for product "Backup Migration" | < 1.4.0 Search vendor "Backupbliss" for product "Backup Migration" and version " < 1.4.0" | wordpress |
Affected
| ||||||