Vulnerability CVE-2013-2742


Published: 2013-04-02

Description:
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Backupbuddy 2.2.4 Sensitive Data Exposure
robarmstrong.te7...
25.03.2013

Type:

CWE-DesignError

Vendor: Ithemes
Product: Backupbuddy 
Version:
2.2.4
2.2.28
2.2.25
2.1.4
1.3.4

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://packetstormsecurity.com/files/120923
http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html

Related CVE
CVE-2018-7433
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.
CVE-2013-2744
importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function.
CVE-2013-2743
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter.
CVE-2013-2741
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors ...

Copyright 2019, cxsecurity.com

 

Back to Top