The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing | Exploit |
https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-12-26T18:33:12.631Z
Updated: 2023-12-26T18:33:12.631Z
Reserved: 2023-11-13T21:20:03.399Z
Link: CVE-2023-6114
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-26T19:15:08.260
Modified: 2024-01-05T15:08:00.537
Link: CVE-2023-6114
JSON object: View
Redhat Information
No data.
CWE