Lucene search

WordfenceCVELIST:CVE-2023-6971

HistoryDec 23, 2023 - 1:59 a.m.

CVE-2023-6971

2023-12-2301:59:49

Wordfence

www.cve.org

wordpress

remote file inclusion

php 7.4

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the ‘content-dir’ HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server’s php.ini is configured with ‘allow_url_include’ set to ‘on’. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.

CNA Affected

[
  {
    "vendor": "migrate",
    "product": "Backup Migration",
    "versions": [
      {
        "version": "1.0.8",
        "status": "affected",
        "lessThanOrEqual": "1.3.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/backup-heart.php

plugins.trac.wordpress.org/changeset/3012745/backup-backup

www.wordfence.com/threat-intel/vulnerabilities/id/b380283c-0dbb-4d67-9f66-cb7c400c0427?source=cve

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON

Related for CVELIST:CVE-2023-6971