CVE-2024-0697
Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.
El complemento Backuply – Backup, Restore, Migrate and Clone para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 1.2.3 inclusive a través del parámetro node_id en la función backuply_get_jstree. Esto hace posible que atacantes con privilegios de administrador o superiores lean el contenido de archivos arbitrarios en el servidor, que pueden contener información confidencial.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-18 CVE Reserved
- 2024-01-26 CVE Published
- 2024-02-01 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Softaculous Search vendor "Softaculous" | Backuply Search vendor "Softaculous" for product "Backuply" | <= 1.2.3 Search vendor "Softaculous" for product "Backuply" and version " <= 1.2.3" | wordpress |
Affected
| ||||||