Remote Code Execution Vulnerability in BackupBuddy Plugin by iThemes
CVE-2013-2744

Currently unrated

Key Information:

Vendor
Wordpress
Status
Backupbuddy
Vendor
CVE Published:
2 April 2013

Summary

The BackupBuddy plugin version 2.2.25 for WordPress contains a vulnerability in the importbuddy.php file, which can allow remote attackers to extract sensitive configuration information. This occurs through the phpinfo function invoked during a specific step 0 operation. As a result, unauthorized users may gain insight into the site's configuration, potentially leading to further exploitation.

References

http://packetstormsecurity.com/files/120923
x_refsource_MISC
http://archives.neohapsis.com/archives/fulldisclosure/201...
mailing-listx_refsource_FULLDISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.