CVE-2023-6553

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/176638/WordPress-Backup-Migration-1.3.7-Remote-Command-Execution.html
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118	Patch
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38	Patch
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L62	Patch
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L64	Patch
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail=	Patch
https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it	Not Applicable
https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:backupbliss:backup_migration:*:*:*:*:*:wordpress:*:*

History

18 Jan 2024, 17:15

Type	Values Removed	Values Added
References		() http://packetstormsecurity.com/files/176638/WordPress-Backup-Migration-1.3.7-Remote-Command-Execution.html -

21 Dec 2023, 19:24

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118 -~~	() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118 - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve - Third Party Advisory
References	~~() https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it -~~	() https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it - Not Applicable
References	~~() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L64 -~~	() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L64 - Patch
References	~~() https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail= -~~	() https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail= - Patch
References	~~() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L62 -~~	() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L62 - Patch
References	~~() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38 -~~	() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38 - Patch
CPE		cpe:2.3:a:backupbliss:backup_migration::::::wordpress::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

15 Dec 2023, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-15 11:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-6553

Mitre link : CVE-2023-6553

CVE.ORG link : CVE-2023-6553

JSON object : View

Products Affected

backupbliss

backup_migration

CWE

NVD-CWE-noinfo

9.8 /10