CVE Vulnerability

CVE-2022-2863

The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack

4.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5 Exploit Patch
http://seclists.org/fulldisclosure/2022/Oct/0 Exploit Mailing List
http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:wpvivid:migration,_backup,_staging:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-09-16 09:15

Updated : 2022-11-10 04:04

NVD link : CVE-2022-2863

Mitre link : CVE-2022-2863

Products Affected
No products.
CWE
CWE-22