ThreatPress

WordPress Vulnerabilities Database

Back

WordPress BackWPUp Plugin 2.1.4 - Code Execution

Product
BackWPup
Description
BackWPup is prone to a code execution vulnerability that can be exploited to execute local or remote code on the web server. It allows an attacker to specify FTP resources as input by using a lack of data validation on the BackWPUpJobTemp POST parameter of job/wp_export_generate.php.
Solution
Upgrade to BackWPUp 2.1.5 of above.
Classification
Type Arbitrary Code Execution
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In 2.1.4
Fixed In 2.1.5
Disclosure date
2011-10-17
Credits
Sense of Security