WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download

vendor:

Duplicator

by:

SecuriTrust

7.5

CVSS

HIGH

Unauthenticated Backup Download

284

CWE

Product Name: Duplicator

Affected Version From: < 1.4.7

Affected Version To: < 1.4.7

Patch Exists: YES

Related CWE: CVE-2022-2551

CPE: a:snapcreek:duplicator

Metasploit:

Other Scripts:

Tags: cve2022,wordpress,wp,wp-plugin,duplicator,wpscan,cve

CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Nuclei References: https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0, https://wordpress.org/plugins/duplicator/, https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551, https://nvd.nist.gov/vuln/detail/CVE-2022-2551

Nuclei Metadata: {'max-request': 2, 'google-query': 'inurl:/backups-dup-lite/dup-installer/', 'verified': True, 'framework': 'wordpress', 'vendor': 'snapcreek', 'product': 'duplicator'}

Platforms Tested: Linux, Windows

2022

WordPress Plugin Duplicator 1.4.6 – Unauthenticated Backup Download

It allows an attacker to download the backup file. The backup file can be downloaded using the 'is_daws' parameter.

Mitigation:

Upgrade to version 1.4.7 or later.

Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
# Google Dork: N/A
# Date: 07.27.2022
# Exploit Author: SecuriTrust
# Vendor Homepage: https://snapcreek.com/
# Software Link: https://wordpress.org/plugins/duplicator/
# Version: < 1.4.7
# Tested on: Linux, Windows
# CVE : CVE-2022-2551
# Reference: https://securitrust.fr
# Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2551

#Product:
WordPress Plugin Duplicator < 1.4.7

#Vulnerability:
1-It allows an attacker to download the backup file.

#Proof-Of-Concept:
1-Backup download.
The backup file can be downloaded using the "is_daws" parameter.
http://[PATH]/backups-dup-lite/dup-installer/main.installer.php