Lucene search
HistoryJun 10, 2015 - 6:59 p.m.
CVE-2014-8605
cve-2014-8605
xcloner
wordpress
joomla
database backup
predictable names
web security
access control
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.6%
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/.
Affected configurations
Node
xclonerxclonerMatch3.1.1wordpress
ORxclonerxclonerMatch3.5.1joomla\!
| CPE | Name | Operator | Version |
|---|---|---|---|
| xcloner:xcloner | xcloner | eq | 3.1.1 |
| xcloner:xcloner | xcloner | eq | 3.5.1 |
Related
prion
prion
Improper access control
2015-06-10 18:59:00
patchstack
patchstack
cvelist
cvelist
CVE-2014-8605
2015-06-10 18:00:00
nvd
nvd
CVE-2014-8605
2015-06-10 18:59:02
packetstorm
packetstorm
Joomla/WordPress XCloner Command Execution / Password Disclosure
2014-11-07 00:00:00
wpvulndb
wpvulndb
XCloner - Backup and Restore < 3.1.2 - Multiple Vulnerabilities (RCE & LFI)
2014-10-17 00:00:00
securityvulns
securityvulns
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
2015-06-08 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.6%
Related for CVE-2014-8605