CVE-2022-2552: CVEsLab/CVE-2022-2552 at main · SecuriTrust/CVEsLab

The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before displaying information about the system, such as server software, PHP version and full file system path to the site.


Exploit Title: WordPress Plugin Duplicator <= 1.4.7 - Unauthenticated System Information Disclosure

# Exploit Title: WordPress Plugin Duplicator <= 1.4.7 - Unauthenticated System Information Disclosure
# Google Dork: N/A
# Date: 07.27.2022
# Exploit Author: SecuriTrust
# Vendor Homepage: https://snapcreek.com/
# Software Link: https://wordpress.org/plugins/duplicator/
# Version: <= 1.4.7
# Tested on: Linux, Windows
# CVE : CVE-2022-2552
# Reference: https://securitrust.fr
# Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2552

#Product:
WordPress Plugin Duplicator <= 1.4.7

#Vulnerability:
1-Some system information may be disclosed.

#Proof-Of-Concept:
1-System information.
Some system information is obtained using the "view" parameter.
http://[PATH]/backups-dup-lite/dup-installer/main.installer.php
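To check whether this endpoint was requested on a site you run, the following added example (not part of the original advisory) scans access logs in Combined Log Format for requests to the installer path from the proof-of-concept URL and reports whether the installer answered. The log lines, addresses and the `view` value are constructed samples.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Installer entry point named in the advisory's proof-of-concept URL.
INSTALLER_SUFFIX = "/dup-installer/main.installer.php"

# Combined Log Format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_installer_hits(lines):
    """Return {client_ip: [hit, ...]} for requests to the Duplicator installer."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith(INSTALLER_SUFFIX):
            continue
        hits[m["ip"]].append({
            "time": m["ts"],
            "path": url.path,
            # The advisory says the information is obtained via "view".
            "has_view": "view" in parse_qs(url.query, keep_blank_values=True),
            # A 2xx status means the installer answered: it is still deployed.
            "served": m["status"].startswith("2"),
        })
    return dict(hits)

# Constructed sample lines (documentation address ranges, placeholder value).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Jul/2022:10:01:12 +0000] "GET /backups-dup-lite/'
    'dup-installer/main.installer.php?view=PLACEHOLDER HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [27/Jul/2022:10:01:15 +0000] "GET /wp-login.php HTTP/1.1" '
    '200 4321 "-" "-"',
    '198.51.100.23 - - [27/Jul/2022:11:45:02 +0000] "GET /backups-dup-lite/'
    'dup-installer/main.installer.php HTTP/1.1" 404 162 "-" "-"',
]

if __name__ == "__main__":
    for ip, entries in find_installer_hits(SAMPLE_LOG).items():
        for e in entries:
            print(ip, e["time"], e["path"], "view" if e["has_view"] else "-",
                  "SERVED" if e["served"] else "not served")
```

A hit marked as served means the installer files are still reachable; upgrading to 1.4.7.1 or later addresses the issue described above.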

Related news

WordPress Duplicator 1.4.7 Information Disclosure

WordPress Duplicator plugin versions 1.4.7 and below suffer from an information disclosure vulnerability.
