CVE-2013-2741 (GCVE-0-2013-2741)

Vulnerability from cvelistv5 – Published: 2013-04-02 10:00 – Updated: 2024-09-17 03:03
Summary
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.
Severity ?
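No CVSS data available in the CNA record. The NVD data embedded below (under "vulnerability-lookup:meta") lists a CVSS v2 base score of 7.5 (HIGH), vector AV:N/AC:L/Au:N/C:P/I:P/A:P.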
CWE
  • n/a in the CNA record; the NVD data embedded below lists CWE-287 (Improper Authentication).
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:44:33.607Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/120923"
          },
          {
            "name": "20130323 Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-02T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/120923"
        },
        {
          "name": "20130323 Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2741",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/120923",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/120923"
            },
            {
              "name": "20130323 Backupbuddy wordpress plugin - sensitive data exposure in importbuddy.php",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-2741",
    "datePublished": "2013-04-02T10:00:00Z",
    "dateReserved": "2013-04-01T00:00:00Z",
    "dateUpdated": "2024-09-17T03:03:17.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E78D208-6A3A-4608-9109-A66DF10954A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ithemes:backupbuddy:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A874CB8C-4A58-4C69-9E72-EA23DD8469CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ithemes:backupbuddy:2.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1C4CC48-3852-46C5-BCE3-3AD2AD752D9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ithemes:backupbuddy:2.2.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0909EBD6-E9B9-4B3B-AAF8-65CA3D37D5B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ithemes:backupbuddy:2.2.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A9D1686-F217-4765-AC5E-2048293FF44B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A77EB0E7-7FA7-4232-97DF-7C7587D163F1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.\"}, {\"lang\": \"es\", \"value\": \"importbuddy.php en el complemento BackupBuddy v1.3.4, v2.1.4, v2.2.25, v2.2.28, y v2.2.4 para WordPress no requiere autenticaci\\u00f3n, lo que permite a atacantes remotos obtener informaci\\u00f3n o sobreescribir o borrar ficheros, a trav\\u00e9s de vectores (1) petici\\u00f3n directa, (2) step=1 petici\\u00f3n, (3) step=2 o step=3 petici\\u00f3nt, o (4) step=7 petici\\u00f3n.\"}]",
      "id": "CVE-2013-2741",
      "lastModified": "2024-11-21T01:52:16.890",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-04-02T12:09:11.127",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://packetstormsecurity.com/files/120923\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://packetstormsecurity.com/files/120923\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-2741\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-04-02T12:09:11.127\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request.\"},{\"lang\":\"es\",\"value\":\"importbuddy.php en el complemento BackupBuddy v1.3.4, v2.1.4, v2.2.25, v2.2.28, y v2.2.4 para WordPress no requiere autenticaci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n o sobreescribir o borrar ficheros, a trav\u00e9s de vectores (1) petici\u00f3n directa, (2) step=1 petici\u00f3n, (3) step=2 o step=3 petici\u00f3nt, o (4) step=7 
petici\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E78D208-6A3A-4608-9109-A66DF10954A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ithemes:backupbuddy:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A874CB8C-4A58-4C69-9E72-EA23DD8469CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ithemes:backupbuddy:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1C4CC48-3852-46C5-BCE3-3AD2AD752D9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ithemes:backupbuddy:2.2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0909EBD6-E9B9-4B3B-AAF8-65CA3D37D5B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ithemes:backupbuddy:2.2.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A9D1686-F217-4765-AC5E-2048293FF44B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A77EB0E7-7FA7-4232-97DF-7C7587D163F1\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://packetstormsecurity.com
/files/120923\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://packetstormsecurity.com/files/120923\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}







Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

