Summary
This host is running the WordPress myEASYbackup plugin and is prone to a directory traversal vulnerability.
Impact
Successful exploitation could allow attackers to read arbitrary files via directory traversal attacks and gain sensitive information.
Impact Level: Application
Solution
Upgrade to WordPress myEASYbackup Plugin version 1.0.9 or later. For updates, refer to http://wordpress.org/extend/plugins/myeasybackup/
Insight
The flaw is due to an input validation error in the 'dwn_file' parameter to 'wp-content/plugins/myeasybackup/meb_download.php', which allows attackers to read arbitrary files via ../ (dot dot) sequences.
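As a detection aid for the flaw described above, this added example (not part of the original advisory or the plugin's code) flags access log lines that request the script with a 'dwn_file' value containing a '..' path segment after decoding. It assumes combined-format logs and that the parameter appears in the query string; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path and parameter named in the advisory.
TARGET = "wp-content/plugins/myeasybackup/meb_download.php"
PARAM = "dwn_file"

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences (%252e) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value contains a '..' segment (either slash style)."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def flag_lines(lines):
    """Return log lines that hit the plugin script with a traversing dwn_file."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(TARGET):
            continue
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        if any(is_traversal(v) for v in values):
            hits.append(line)
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
_P = "/wp-content/plugins/myeasybackup/meb_download.php?dwn_file="
_F = '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {} HTTP/1.1" 200 512'
SAMPLE = [
    _F.format(_P + "backup-2024.zip"),               # normal download
    _F.format(_P + "..%2F..%2Fexample.txt"),         # encoded ../
    _F.format(_P + "%252e%252e%252fexample.txt"),    # double-encoded ../
    _F.format(_P + "..%5C..%5Cexample.txt"),         # backslash variant
    _F.format("/index.php?page=../example.txt"),     # different script, ignored
]
```

Requests that carry the parameter in a POST body do not show up in standard access logs and need body logging or a WAF rule instead.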
Affected
WordPress myEASYbackup Plugin version 1.0.8.1
References
Severity
Classification
CVE: CVE-2012-0898
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N