PT-2018-4209 · Unknown · Ezpz One Click Backup

Henri Salo

Published

2018-04-10

Updated

2018-05-18

CVE-2014-3114

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions EZPZ One Click Backup plugin versions 12.03.10 and earlier

Description The issue allows remote attackers to execute arbitrary commands. This is achieved via the cmd parameter to the "functions/ezpz-archive-cmd.php" endpoint.

Recommendations For versions 12.03.10 and earlier, consider disabling access to the "functions/ezpz-archive-cmd.php" endpoint until a patch is available. Avoid using the cmd parameter in the affected endpoint to minimize the risk of exploitation.

Fix

RCE

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2014-3114

Affected Products

Ezpz One Click Backup

PT-2018-4209 · Unknown · Ezpz One Click Backup

CVE-2014-3114

Weakness Enumeration

Related Identifiers

Affected Products

References · 3