Vulnerabilities > CVE-2023-6971 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Backupbliss Backup Migration
Summary
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/backup-heart.php
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/backup-heart.php
- https://plugins.trac.wordpress.org/changeset/3012745/backup-backup
- https://plugins.trac.wordpress.org/changeset/3012745/backup-backup
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b380283c-0dbb-4d67-9f66-cb7c400c0427?source=cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b380283c-0dbb-4d67-9f66-cb7c400c0427?source=cve