CVE-2011-4342

Published: Oct 8, 2012Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

Affected (1)

Products: Backwpup: Backwpup

Backwpup

1 product

Backwpup

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Backwpup Backwpup	Up to 1.7.1

Running on/with	Platform Versions
Wordpress Wordpress	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (18)

http://packetstormsecurity.org/files/view/99799/SOS-11-003.txt

Source: secalert@redhat.com

Exploit

http://seclists.org/fulldisclosure/2011/Mar/328

Source: secalert@redhat.com

Exploit

http://secunia.com/advisories/43565

Source: secalert@redhat.com

Vendor Advisory

http://wordpress.org/support/topic/plugin-backwpup-remote-and-local-codeexecution-vulnerability-sos-11-003

Source: secalert@redhat.com

http://www.exploit-db.com/exploits/17056

Source: secalert@redhat.com

Exploit

http://www.openwall.com/lists/oss-security/2011/11/22/10

Source: secalert@redhat.com

Exploit

http://www.openwall.com/lists/oss-security/2011/11/22/7

Source: secalert@redhat.com

Exploit

http://www.osvdb.org/71481

Source: secalert@redhat.com

Exploit

http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf

Source: secalert@redhat.com

ExploitURL Repurposed

http://packetstormsecurity.org/files/view/99799/SOS-11-003.txt