Summary
This host is running the WordPress myEASYbackup plugin and is prone to a directory traversal vulnerability.
Impact
Successful exploitation could allow attackers to read arbitrary files via directory traversal attacks and gain sensitive information.
Impact Level: Application
Solution
Upgrade to WordPress myEASYbackup Plugin version 1.0.9 or later. For updates refer to http://wordpress.org/extend/plugins/myeasybackup/
Insight
The flaw is due to an input validation error in the 'dwn_file' parameter to 'wp-content/plugins/myeasybackup/meb_download.php', which allows attackers to read arbitrary files via ../ (dot dot) sequences.
Affected
WordPress myEASYbackup Plugin version 1.0.8.1
Severity
Classification
- CVE: CVE-2012-0898
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N