The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/.
References
Link | Resource |
---|---|
http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/ | Exploit |
http://www.vapid.dhs.org/advisory.php?v=110 | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-06-10T18:00:00
Updated: 2015-06-10T17:57:00
Reserved: 2014-11-04T00:00:00
Link: CVE-2014-8605
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-06-10T18:59:02.597
Modified: 2015-06-11T17:35:10.423
Link: CVE-2014-8605
JSON object: View
Redhat Information
No data.
CWE