ThreatPress

WordPress Vulnerabilities Database

Back

WordPress BackUpWordPress Plugin <= 0.4.2 - Remote File Inclusion

Product
BackUpWordPress
Description
Because og this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "bkpwp_plugin_path" parameter.
Solution
Update the plugin.
Classification
Type Remote File Inclusion
References
CVE Mitre
CVE
Name CVE-2007-5800
Versions
Affected In <= 0.4.2
Fixed In 0.4.3
Disclosure date
2007-11-02
Credits
S.W.A.T.