CVE-2024-9162 Information

Description

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to and including 7.86. This makes it possible for authenticated attackers with Administrator-level access and above to create an export file with the .php extension on the affected site’s server adding an arbitrary PHP code to it which may make remote code execution possible.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/d97c3379-56c9-4261-9a70-3119ec121a40?source=cve https://plugins.trac.wordpress.org/browser/all-in-one-wp-migration/trunk/lib/controller/class-ai1wm-backups-controller.php#L60 https://plugins.trac.wordpress.org/browser/all-in-one-wp-migration/trunk/lib/controller/class-ai1wm-export-controller.php#L36 https://github.com/d0n601/CVE-2024-9162 https://ryankozak.com/posts/CVE-2024-9162

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.2