CVE-2013-2741

{"id": "CVE-2013-2741", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-02T12:09:11.127", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/120923", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request."}, {"lang": "es", "value": "importbuddy.php en el complemento BackupBuddy v1.3.4, v2.1.4, v2.2.25, v2.2.28, y v2.2.4 para WordPress no requiere autenticaci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n o sobreescribir o borrar ficheros, a trav\u00e9s de vectores (1) petici\u00f3n directa, (2) step=1 petici\u00f3n, (3) step=2 o step=3 petici\u00f3nt, o (4) step=7 petici\u00f3n."}], "lastModified": "2013-04-02T12:09:11.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ithemes:backupbuddy:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E78D208-6A3A-4608-9109-A66DF10954A1"}, {"criteria": "cpe:2.3:a:ithemes:backupbuddy:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A874CB8C-4A58-4C69-9E72-EA23DD8469CC"}, {"criteria": "cpe:2.3:a:ithemes:backupbuddy:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1C4CC48-3852-46C5-BCE3-3AD2AD752D9E"}, {"criteria": "cpe:2.3:a:ithemes:backupbuddy:2.2.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0909EBD6-E9B9-4B3B-AAF8-65CA3D37D5B9"}, {"criteria": "cpe:2.3:a:ithemes:backupbuddy:2.2.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A9D1686-F217-4765-AC5E-2048293FF44B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}