CVE-2021-39327

Sažetak

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.

Reference

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2591118%40bulletproof-security&new=2591118%40bulletproof-security&sfp_email=&sfph_mail=
http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html
https://www.exploit-db.com/exploits/50382
https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

25-10-2022 - 18:37

Objavljeno

17-09-2021 - 11:15