CVE Reference: CVE-2011-4342

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2011-4342

Description:
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA43565

OSVDB
  71481

MLIST
  http://www.openwall.com/lists/oss-security/2011/11/22/7
  http://www.openwall.com/lists/oss-security/2011/11/22/10

MISC
  http://packetstormsecurity.org/files/view/99799/SOS-11-003.txt
  http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf

FULLDISC
  http://seclists.org/fulldisclosure/2011/Mar/328

EXPLOIT-DB
  http://www.exploit-db.com/exploits/17056

CONFIRM
  http://wordpress.org/support/topic/plugin-backwpup-remote-and-local-codeexecution-vulnerability-sos-11-003


Return to the previous page.