CVE-2023-6553

Published: 15/12/2023 Updated: 18/01/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated malicious users to easily execute code on the server.

Vulnerable Product

backupbliss backup migration

Vendor Advisories

Check Point Reference: CPAI-2023-1400 Date Published: 18 Dec 2023 Severity: Critical ...

Exploits

This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint. The exploit makes use of a neat technique ...
WordPress Backup Migration plugin versions 1.3.7 and below suffer from a remote code execution vulnerability ...

Github Repositories

Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

CVE-2023-6553 Exploit V2 🚀 Description: The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. An attacker can control the values passed to an include statement, leveraging that to achieve remote code execution. This vulnerability allows unauthenticated attacker

BACKUP-MIGRATION RCE EXPLOIT

CVE 2023-6553 WORDPRESS EXPLOIT The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. An attacker can control the values passed to an include statement, leveraging that to achieve remote code execution. This vulnerability allows unauthenticated attackers to execute co

CVE-2023-6553 PoC (LFI to RCE) Unauthenticated Remote Code Execution in Backup Migration (WordPress Plugin) Run $ python exploit.py The following PHP script is executed: <?php `date > out.txt`; ?> References Critical Unauthenticated Remote Code Execution Found in Backup Migrat

SCANNER CVE-2023-6553 The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. An attacker can control the values passed to an include statement, leveraging that to achieve remote code execution. This vulnerability allows unauthenticated attackers to execute code on the

Writeups for kvvuctf 2024

CTF reverse 1 Reverse Guru - 1000 Platform kvvuctf: Description Scouts intercepted the enemy's encryption hardware; our specialists were able to recover the [algorithm](1064100100/download/reverse_1000py) for checking the validity of the key