Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4342

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-4342
Last Modified 09 Oct 2012 12:00:00
Published 08 Oct 2012 02:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4342

Summary

PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

Vulnerable Systems

Application

  • Backwpup 1.7.1


References

MISC - http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf

OSVDB - 71481

MLIST - [oss-security] 20111122 Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003

MLIST - [oss-security] 20111122 RE: Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003

EXPLOIT-DB - 17056

CONFIRM - http://wordpress.org/support/topic/plugin-backwpup-remote-and-local-codeexecution-vulnerability-sos-11-003

SECUNIA - 43565

FULLDISC - 20110328 Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003

MISC - http://packetstormsecurity.org/files/view/99799/SOS-11-003.txt


Last Updated: 27 May 2016 11:00:52