CVE-2011-5208

Name of the Vulnerable Software and Affected Versions BackWPup plugin versions prior to 1.4.1

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities in the BackWPup plugin. This is achieved by including a .. (dot dot) in the wpabs parameter to API endpoints such as "/app/options-view log-iframe.php" or "/app/options-runnow-iframe.php".

Recommendations For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints "/app/options-view log-iframe.php" and "/app/options-runnow-iframe.php" to minimize the risk of exploitation. Avoid using the wpabs parameter in these endpoints until the issue is resolved.