PT-2015-4051 · Open Source Matters+1 · Joomla!+1

Larry W. Cashdollar

Published

2015-06-10

Updated

2015-06-11

CVE-2014-8605

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions XCloner plugin version 3.1.1 for WordPress XCloner plugin version 3.5.1 for Joomla!

Description The issue allows remote attackers to obtain sensitive information by directly requesting a backup file due to predictable file names and insufficient access control. The backup files are stored under the web root in administrators/backups/.

Recommendations For XCloner plugin version 3.1.1 for WordPress, restrict access to the administrators/backups/ directory to prevent unauthorized access to backup files. For XCloner plugin version 3.5.1 for Joomla!, restrict access to the administrators/backups/ directory to prevent unauthorized access to backup files.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-8605

Affected Products

Joomla!

Xcloner

PT-2015-4051 · Open Source Matters+1 · Joomla!+1

CVE-2014-8605

Weakness Enumeration

Related Identifiers

Affected Products

References · 5