Summary
This host is installed with WordPress BackWPup Plugin and is prone to multiple directory traversal vulnerabilities.
Impact
Successful exploitation could allow attackers to perform directory traversal attacks and read arbitrary files on the affected application.
Impact Level: Application
Solution
Upgrade to WordPress BackWPup Plugin version 1.4.1 or later For updates refer to http://wordpress.org/extend/plugins/backwpup/
Insight
Input passed via the 'wpabs' parameter to
wp-content/plugins/backwpup/app/options-view_log-iframe.php (when logfile is set to an existing file) and to
wp-content/plugins/backwpup/app/options-runnow-iframe.php (when jobid is set to a numeric value) is not properly verified before being used to include files.
Affected
WordPress BackWPup Plugin Version prior to 1.4.1
References
Severity
Classification
-
CVE CVE-2011-5208 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- Apache Tomcat NIO Connector Denial of Service Vulnerability
- Apache mod_proxy_ajp Information Disclosure Vulnerability