Summary
The ezpz-one-click-backup plugin for WordPress is prone to a remote code execution vulnerability because it fails to properly validate user-supplied input.
Impact
An attacker can exploit this issue to execute arbitrary code within the context of the web server.
Solution
Remove this plugin from your WordPress installation.
Insight
Input passed via the 'cmd' parameter in ezpz-archive-cmd.php is not properly sanitized.
Affected
Version 12.03.10 and some earlier versions
Detection
Send a specially crafted HTTP GET request and check the response.
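A log-side check for the request pattern this advisory describes, added here as an example and not part of the advisory or the scanner: it scans web-server access-log lines (Apache/nginx combined format) for requests to ezpz-archive-cmd.php that carry a `cmd` parameter, decoding percent-encoding so that encoded or mixed-case script names and parameter names are still matched. The plugin directory under wp-content/plugins/ and the log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Names taken from the advisory; the plugin directory in the samples is assumed.
VULN_SCRIPT = "ezpz-archive-cmd.php"
VULN_PARAM = "cmd"

# Apache/nginx "combined" access-log line (constructed pattern, common fields only).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines: two plain probes, one percent-encoded probe, two benign requests.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Mar/2015:10:01:12 +0000] "GET /wp-content/plugins/ezpz-one-click-backup/ezpz-archive-cmd.php?cmd=id HTTP/1.1" 200 512',
    '203.0.113.5 - - [25/Mar/2015:10:01:13 +0000] "GET /wp-content/plugins/ezpz-one-click-backup/ezpz-archive-cmd.php?CMD=whoami HTTP/1.1" 200 480',
    '198.51.100.7 - - [25/Mar/2015:10:02:00 +0000] "GET /wp-content/plugins/ezpz-one-click-backup/readme.txt HTTP/1.1" 200 1024',
    '198.51.100.7 - - [25/Mar/2015:10:02:30 +0000] "GET /wp-content/plugins/ezpz-one-click-backup/ezpz%2Darchive%2Dcmd.php?c%6Dd=ls HTTP/1.1" 404 210',
    '192.0.2.9 - - [25/Mar/2015:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

def parse_line(line):
    """Split one access-log line into its fields; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry

def is_suspect(entry):
    """True when the request targets the vulnerable script and supplies 'cmd'."""
    url = urlsplit(entry["target"])
    # Decode and lower-case the path so encoded or mixed-case script names still match.
    path = unquote(url.path).lower()
    if not path.endswith("/" + VULN_SCRIPT):
        return False
    # parse_qs decodes percent-encoded parameter names as well as values.
    params = parse_qs(url.query, keep_blank_values=True)
    return VULN_PARAM in {name.lower() for name in params}

def find_suspect_requests(lines):
    """Return (client ip, timestamp, decoded target, status) for each suspect request."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_suspect(entry):
            hits.append((entry["ip"], entry["ts"], unquote(entry["target"]), entry["status"]))
    return hits
```

A 404 on the decoded path, as in the third hit, still indicates a probe worth correlating with the source address even when the plugin is no longer installed.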
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P