admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2022-31474.md

Browse Source 
add CVE-2022-31474
This commit is contained in:
Goby 2023-04-01 12:40:51 +08:00 committed by GitHub
parent d391859db0
commit ca100a8082
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2022-31474.md Normal file
View File

@ -0,0 +1,12 @@
## WordPress Plugin BackupBuddy Arbitrary File Read Vulnerability (CVE-2022-31474)
| **Vulnerability** | **WordPress Plugin BackupBuddy Arbitrary File Read Vulnerability (CVE-2022-31474)** |
| :----: | :-----|
| **Chinese name** | WordPress BackupBuddy 插件 local-download 参数任意文件读取漏洞CVE-2022-31474 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [header="WordPress" \|\| header="api.w.org" \|\| body="/wp-content/themes/"](https://fofa.info/result?qbase64=aGVhZGVyPSJXb3JkUHJlc3MiIHx8IGhlYWRlcj0iYXBpLncub3JnIiB8fCBib2R5PSIvd3AtY29udGVudC90aGVtZXMvIg%3D%3D) |
| **Number of assets affected** | 34049801 |
| **Description** | WordPress BackupBuddy plugin is a fast and simple plugin for WordPress backup and restore. WordPress plugin BackupBuddy versions 8.5.8.0 to 8.7.4.1 have an information disclosure vulnerability, which stems from an arbitrary file read and download vulnerability. |
| **Impact** | Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website. |
![](https://s3.bmp.ovh/imgs/2023/04/01/0b9fb8da4ab364e1.gif)