Description
WordPress Plugin Database Backup for WordPress is prone to a directory traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks. WordPress Plugin Database Backup for WordPress version 1.7 is vulnerable; prior versions may also be affected.
Remediation
Update to the latest version
References
http://www.securityfocus.com/bid/19504/exploit
http://www.securityfocus.com/archive/1/443181
http://packetstormsecurity.com/files/view/49285/wordpressTraverse.txt
Related Vulnerabilities
Oracle HTTP Server CVE-2013-1862 Vulnerability (CVE-2013-1862)
WordPress Plugin Captcha by BestWebSoft Security Bypass (4.0.6)
WordPress Plugin Meteor Slides Cross-Site Scripting (1.5.6)
EspoCRM Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-38846)
Oracle Database Server CVE-2014-0378 Vulnerability (CVE-2014-0378)