CVE-2023-6553

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/176638/WordPress-Backup-Migration-1.3.7-Remote-Command-Execution.html
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118	Patch
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38	Patch
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L62	Patch
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L64	Patch
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail=	Patch
https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it	Not Applicable
https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:backupbliss:backup_migration:*:*:*:*:*:wordpress:*:*

History

18 Jan 2024, 17:15

Type	Values Removed	Values Added
References		() http://packetstormsecurity.com/files/176638/WordPress-Backup-Migration-1.3.7-Remote-Command-Execution.html -

21 Dec 2023, 19:24

Type	Values Removed	Values Added
Summary		(es) El complemento Backup Migration para WordPress es vulnerable a la ejecución remota de código en todas las versiones hasta la 1.3.7 incluida a través del archivo /includes/backup-heart.php. Esto se debe a que un atacante puede controlar los valores pasados a una inclusión y, posteriormente, aprovecharlos para lograr la ejecución remota de código. Esto hace posible que atacantes no autenticados ejecuten código fácilmente en el servidor.
References	~~() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118 -~~	() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118 - Patch
References	~~() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38 -~~	() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38 - Patch
References	~~() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L62 -~~	() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L62 - Patch
References	~~() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L64 -~~	() https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L64 - Patch
References	~~() https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail= -~~	() https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail= - Patch
References	~~() https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it -~~	() https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it - Not Applicable
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve - Third Party Advisory
CPE		cpe:2.3:a:backupbliss:backup_migration::::::wordpress::*
CWE		NVD-CWE-noinfo
First Time		Backupbliss Backupbliss backup Migration

15 Dec 2023, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-15 11:15

Updated : 2024-01-18 17:15

NVD link : CVE-2023-6553

Mitre link : CVE-2023-6553

CVE.ORG link : CVE-2023-6553

JSON object : View

Products Affected

backupbliss

backup_migration

CWE

NVD-CWE-noinfo

9.8 /10