← back
CVE-2007-5800

CVE-2007-5800

EPSS 36.5%
Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/4593unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/38476http://osvdb.org/38477http://osvdb.org/38478http://osvdb.org/38479https://exchange.xforce.ibmcloud.com/vulnerabilities/38212https://www.exploit-db.com/exploits/4593http://wordpress.designpraxis.at/2007/11/01/backupwordpress-security-release/http://wordpress.designpraxis.at/2007/11/01/security-vulnerability-in-backupwordpress/http://www.securityfocus.com/bid/26290http://www.vupen.com/english/advisories/2007/3744