ID de Prueba:	1.3.6.1.4.1.25623.1.0.900277
Categoría:	Web application abuses
Título:	WordPress BackWPup Plugin 'wpabs' Parameter Remote PHP Code Execution Vulnerability
Resumen:	WordPress BackWPup Plugin is prone to remote PHP code execution vulnerability.
Descripción:	Summary: WordPress BackWPup Plugin is prone to remote PHP code execution vulnerability. Vulnerability Insight: The flaws are caused by improper validation of user-supplied input to the 'wpabs' parameter in 'wp-content/plugins/backwpup/app/wp_xml_export.php', which allows attackers to execute arbitrary PHP code in the context of an affected site. NOTE : Exploit will only work properly with the following PHP settings: register_globals=On, allow_url_include=On and magic_quotes_gpc=Off Vulnerability Impact: Successful exploitation will let remote attackers to execute malicious PHP code to in the context of an affected site. Affected Software/OS: BackWPup WordPress plugin version 1.6.1, Other versions may also be affected. Solution: Upgrade BackWPup WordPress plugin to 1.7.1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4342 http://www.exploit-db.com/exploits/17056 http://seclists.org/fulldisclosure/2011/Mar/328 http://packetstormsecurity.org/files/view/99799/SOS-11-003.txt http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf http://www.openwall.com/lists/oss-security/2011/11/22/7 http://www.openwall.com/lists/oss-security/2011/11/22/10 http://www.osvdb.org/71481 http://secunia.com/advisories/43565
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.