ByteOS Network

▼CVE Numbering Authority (CNA)

Backup Migration <= 1.3.9 - Authenticated (Admin+) OS Command Injection via url

The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.

Affected Products

Vendor

inisev

Product

BackupBliss – Backup & Migration with Free Cloud Storage

Default Status

unaffected

Versions

Affected

From 0 through 1.3.9 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-78	CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Type: CWE

CWE ID: CWE-78

Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Metrics

Version	Base score	Base severity	Vector
3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Credits

finder

Françoa Taffarel

Timeline

Event	Date
Vendor Notified	2023-12-20 00:00:00
Disclosed	2023-12-22 00:00:00

Event: Vendor Notified

Date: 2023-12-20 00:00:00

Event: Disclosed

Date: 2023-12-22 00:00:00

References

Hyperlink	Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/cc49db10-988d-42bd-a9cf-9a86f4c79568?source=cve	N/A
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L88	N/A
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1518	N/A
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1503	N/A
https://www.linuxquestions.org/questions/linux-security-4/php-function-exec-enabled-how-big-issue-4175508082/	N/A
https://plugins.trac.wordpress.org/changeset/3012745/backup-backup	N/A

Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/cc49db10-988d-42bd-a9cf-9a86f4c79568?source=cve

Resource: N/A

Hyperlink: https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L88

Resource: N/A

Hyperlink: https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1518

Resource: N/A

Hyperlink: https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1503

Resource: N/A

Hyperlink: https://www.linuxquestions.org/questions/linux-security-4/php-function-exec-enabled-how-big-issue-4175508082/

Resource: N/A

Hyperlink: https://plugins.trac.wordpress.org/changeset/3012745/backup-backup

Resource: N/A

Hyperlink	Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/cc49db10-988d-42bd-a9cf-9a86f4c79568?source=cve	x_transferred
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L88	x_transferred
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1518	x_transferred
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1503	x_transferred
https://www.linuxquestions.org/questions/linux-security-4/php-function-exec-enabled-how-big-issue-4175508082/	x_transferred
https://plugins.trac.wordpress.org/changeset/3012745/backup-backup	x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References