Directory Traversal Vulnerability in DB Backup Plugin for WordPress
CVE-2014-9119

Currently unrated

Key Information:

Vendor

Wordpress
Status
Db Backup
Vendor
CVE Published:
31 December 2014

What is CVE-2014-9119?

A directory traversal vulnerability exists in the 'download.php' script of the DB Backup plugin for WordPress versions 4.5 and earlier. This flaw allows remote attackers to exploit vulnerabilities by using a '..' (dot dot) notation in the file parameter. By doing so, they can access arbitrary files on the server, potentially leading to unauthorized disclosure of sensitive information and compromising the security of the affected website.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/99368
vdb-entryx_refsource_XF
http://seclists.org/oss-sec/2014/q4/1059
mailing-listx_refsource_MLIST
https://wpvulndb.com/vulnerabilities/7726
x_refsource_MISC

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.