CVE-2020-37246
MEDIUM
6,9
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
6,2
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access sensitive files like /etc/passwd or delete files via the removeAction parameter.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0002
Percentile
0,1th
Updated
EPSS Score Trend (Last 4 Days)
98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
PHP
Technologies:
Web Based, Web Server
https://downloads.wordpress.org/plugin/backup-by-supsystic.zip
https://supsystic.com/
https://www.exploit-db.com/exploits/49545
https://www.vulncheck.com/advisories/wordpress-plugin-supsystic-backup-local-fi…