Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2020-11738

Published: 13/04/2020 Updated: 05/10/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Duplicator

Vulnerability Summary

The Snap Creek Duplicator plugin prior to 1.3.28 for WordPress (and Duplicator Pro prior to 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

snapcreek duplicator

Exploits

Exploit DB: WordPress Duplicator 1.3.26 Arbitrary File Read
WordPress Duplicator plugin version 1326 suffers from an unauthenticated arbitrary file read vulnerability ...

Github Repositories

https://github.com/Sleleu/HeroCTF_WriteUp

A write-up (in french) of challenges I attempted during HeroCTF 2023.

HeroCTF_WriteUp Premier writeup de mes débuts dans le monde du CTF, lors du HeroCTF se déroulant du 12 au 14 mai 2023, merci aux organisateurs c’était cool ! Place de la team à la fin du CTF : 73/1085 c’est plutôt encourageant pour la suite ! Sommaire Crypto Hyper Loop Web 1 - Best schools 2 - Referrrrer 3 - Drink from my

References

CWE-22https://snapcreek.com/duplicator/docs/changelog/?litehttps://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/http://packetstormsecurity.com/files/160621/WordPress-Duplicator-1.3.26-Directory-Traversal-File-Read.htmlhttp://packetstormsecurity.com/files/164533/WordPress-Duplicator-1.3.26-Arbitrary-File-Read.htmlhttps://cwe.mitre.org/data/definitions/23.htmlhttps://nvd.nist.govhttps://github.com/Sleleu/HeroCTF_WriteUphttps://packetstormsecurity.com/files/164533/WordPress-Duplicator-1.3.26-Arbitrary-File-Read.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook