CVE-2022-2863
N/A
N/A
Summary
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Migration, Backup, Staging – WPvivid | 0.9.76 < 0.9.76 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5
- http://seclists.org/fulldisclosure/2022/Oct/0
- http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html
References
- https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5
- http://seclists.org/fulldisclosure/2022/Oct/0
- http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.