The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to a backup file in administrators/backups/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xcloner xcloner 3.1.1 |
||
xcloner xcloner 3.5.1 |