Directory Traversal Vulnerabilities in BackWPup Plugin for WordPress
CVE-2011-5208

Currently unrated

Key Information:

Vendor: Wordpress
Status: BackWPup
Vendor: CVE Published:; 8 October 2012

Summary

The BackWPup plugin for WordPress prior to version 1.4.1 contains multiple directory traversal vulnerabilities. These issues allow remote attackers to exploit the wpabs parameter, enabling them to read arbitrary files from the server. This can occur through specially crafted requests to the app/options-view_log-iframe.php or app/options-runnow-iframe.php scripts. The vulnerability poses a significant risk by providing unauthorized access to sensitive files, potentially leading to further attacks or information disclosure.

References

http://www.osvdb.org/71242

vdb-entryx_refsource_OSVDB

http://wordpress.org/extend/plugins/backwpup/changelog/

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 8, 2012