CVE-2021-24155

Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload

EPSS 83.7%CWE-434

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

Affected products

Unknown · WordPress Backup and Migrate Plugin – Backup Guard

public PoCs found — 4

githubgithub.com/0dayNinja/CVE-2021-24155.rb★ 10 cve_referencepacketstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-Upload.htmlunverified cve_referencepacketstormsecurity.com/files/163623/WordPress-Backup-Guard-Authenticated-Remote-Code-Execution.htmlunverified exploitdbwww.exploit-db.com/exploits/50093unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-Upload.html http://packetstormsecurity.com/files/163623/WordPress-Backup-Guard-Authenticated-Remote-Code-Execution.html https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb