CVE-2023-6114

26.12.2023, 19:15

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
WPScan	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Vendor	Product	Version
awesomemotive	duplicator	𝑥 < 1.5.7.1
awesomemotive	duplicator	𝑥 < 4.5.14.2

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-552 - Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.

References

https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing

https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1

https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing

https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1