MEDIUM🇬🇧 English

CVE-2024-0697

CVSS 6.5v3.1pub. 2024-01-27upd. 2026-04-08

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
  • Softaculous Backuply

    APP
    Softaculous
    ≤ 1.2.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2024-8669CRITICAL9.1PL ✓ten sam produkt

SQL Injection w pluginie WordPress Backuply (do wersji 1.3.4)

CVE-2024-0842HIGH7.5ten sam produkt

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in a...

CVE-2024-24621CRITICAL9.8PL ✓ten sam vendor

Softaculous Webuzo — pominięcie uwierzytelnienia przez reset hasła

CVE-2017-6513CRITICAL9.9ten sam vendor

The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctl...

CVE-2024-24622HIGH8.8ten sam vendor

Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated a...