Summary
This host is running the WordPress BackWPup plugin and is prone to a remote PHP code execution vulnerability.
Impact
Successful exploitation will let remote attackers execute arbitrary PHP code in the context of the affected site.
Impact Level: Application/System
Solution
Upgrade the BackWPup WordPress plugin to version 1.7.1 or later. For updates refer to http://wordpress.org/extend/plugins/backwpup/
NOTE: The exploit only works when the target's PHP configuration has
register_globals=On, allow_url_include=On and magic_quotes_gpc=Off.
Insight
The flaw is caused by improper validation of user-supplied input to the 'wpabs' parameter in 'wp-content/plugins/backwpup/app/wp_xml_export.php', which allows remote attackers to execute arbitrary PHP code in the context of the affected site.
Affected
BackWPup WordPress plugin version 1.6.1. Other versions may also be affected.
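A non-intrusive way to decide whether a host falls under the Affected and Solution sections above is to read the plugin's advertised version and compare it against the fixed release, 1.7.1, rather than exercising the vulnerable file. The following is an added example, not code from the advisory or from the BackWPup project. It assumes (this is not stated on the page) that the plugin exposes its wordpress.org-style readme.txt at wp-content/plugins/backwpup/readme.txt with a 'Stable tag:' header; the sample readme body is constructed for the example.

```python
"""Version check for the BackWPup remote PHP code execution advisory.

Added example; not part of the advisory or of the BackWPup plugin.
Assumption (not stated by the advisory): the plugin publishes the standard
wordpress.org readme.txt with a 'Stable tag:' line under its plugin directory.
"""
import re
import urllib.request
from urllib.error import HTTPError

# Assumed readme location, following the wordpress.org plugin convention.
PLUGIN_README = "/wp-content/plugins/backwpup/readme.txt"
# Fixed release named in the Solution section of the advisory.
FIXED_VERSION = "1.7.1"


def parse_version(text):
    """Turn '1.6.1', '1.7' or '1.7.1-beta' into a comparable 3-tuple of ints.
    Non-numeric suffixes are ignored; missing components compare as 0.
    Raises ValueError for tags with no digits at all (e.g. 'trunk')."""
    parts = re.findall(r"\d+", text.strip())
    if not parts:
        raise ValueError("no numeric version in %r" % text)
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def stable_tag(readme_text):
    """Extract the 'Stable tag:' value from a readme.txt body.
    Returns None when the header is absent (e.g. an HTML error page came back)."""
    m = re.search(r"^\s*Stable tag:\s*(\S+)", readme_text,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the installed version is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


def assess(readme_text):
    """Return (installed_version, verdict) for a readme body.
    verdict is 'vulnerable', 'patched' or 'unknown'."""
    tag = stable_tag(readme_text)
    if tag is None:
        return None, "unknown"
    try:
        vulnerable = is_vulnerable(tag)
    except ValueError:
        return tag, "unknown"
    return tag, "vulnerable" if vulnerable else "patched"


def check_host(base_url, timeout=10):
    """Fetch the readme from a live site and assess it (network; the offline
    test below does not call this)."""
    url = base_url.rstrip("/") + PLUGIN_README
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except HTTPError as err:
        if err.code == 404:
            return None, "not installed"
        raise
    return assess(body)


# Constructed sample readme (not taken from a real host), in wordpress.org format,
# advertising the version the advisory lists as affected.
SAMPLE_README = """=== BackWPup ===
Tags: backup, database
Stable tag: 1.6.1
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check_host(sys.argv[1]))
    else:
        print(assess(SAMPLE_README))
```

Run it with a site URL (`python check.py https://example.test`) to test a live host, or with no arguments to see the verdict for the constructed sample. Two caveats: the stable tag in readme.txt is what the plugin author published and may lag the files actually deployed, so a scanner should treat the result as evidence rather than proof; and a 403 on readme.txt (common when the webroot is hardened) is reported as an error rather than as "not installed", since the plugin may still be present.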
References
Severity
Classification
-
CVSS Base Score: 9.7
AV:N/AC:L/Au:N/C:P/I:C/A:C