CVE-2023-6114
Published 2023-12-26
CVE-2023-6114: The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory…
Priority: P1 · 83 · high · CVSS 3.1: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N)
Exploited in the wild (ITW exploit) · VulnCheck KEV
EPSS: 30.89% (98.0th percentile)
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| awesomemotive | duplicator | < 1.5.7.1 | 1.5.7.1 |
| awesomemotive | duplicator | < 4.5.14.2 | 4.5.14.2 |
Detection & IOCs (extracted from sources)

Sigma rule, as extracted:

```yaml
title: Duplicator WordPress Plugin Sensitive Backup Directory Listing
detection:
  keywords:
    - 'Duplicator'
    - 'Index of'
  condition: and
```

Detection guidance:
- Monitor HTTP GET requests to the backups-dup-lite/tmp or backups-dup-pro/tmp directories; a directory listing response (HTTP 200 with 'Index of') indicates the vulnerability is being exploited to enumerate sensitive backup files.
- Alert on unauthenticated access to .sql database dump files or .zip archive files served from the Duplicator plugin tmp directories, as these contain a full database dump and a zip archive of the site.
- Use the Sigma rule keyword combination of 'Duplicator' and 'Index of' in web server access logs to detect directory listing enumeration attempts against the plugin's backup directories.

Caveats:
- The vulnerability is only exploitable when directory listing is enabled on the web server; if directory listing is disabled, unauthenticated attackers cannot enumerate the backup files even if the tmp directory exists.
- Affected versions are Duplicator (free) before 1.5.7.1 and Duplicator Pro before 4.5.14.2; detections should be scoped to installations running these older versions.
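The following is an added example, not part of this record or of any cited source, showing how the guidance above can be applied to web-server access logs. It assumes the Apache/Nginx "combined" log format, flags successful GET requests that either list a Duplicator tmp directory or fetch a .sql or .zip file from it, and includes a small check for the Apache mitigation (`Options -Indexes`, which turns off autoindex). The log lines, IP addresses and file names are constructed for the example; `classify`, `scan_access_log` and `htaccess_disables_indexes` are names chosen here.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Apache/Nginx "combined" access-log format (assumption: the site logs in this format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Directories named in the advisory (free and Pro variants).
TMP_DIRS = ("/backups-dup-lite/tmp", "/backups-dup-pro/tmp")
# File types the advisory says the tmp directory exposes.
SENSITIVE_EXT = (".sql", ".zip")


@dataclass
class Alert:
    ip: str
    path: str
    kind: str  # "directory_listing" or "sensitive_file_download"


def classify(path: str, method: str, status: str) -> Optional[str]:
    """Return the alert kind for one request, or None if it is not of interest.

    Only HTTP 200 responses count: a 403 on the tmp directory means the server
    refused to list it, which is the mitigated state, not an exposure.
    """
    if method != "GET" or status != "200":
        return None
    clean = path.split("?", 1)[0].lower()  # drop query string, compare case-insensitively
    if not any(d in clean for d in TMP_DIRS):
        return None
    if clean.endswith("/tmp") or clean.endswith("/tmp/"):
        return "directory_listing"
    if clean.endswith(SENSITIVE_EXT):
        return "sensitive_file_download"
    return None


def scan_access_log(lines: Iterable[str]) -> List[Alert]:
    """Parse combined-format lines and collect alerts for Duplicator tmp-directory access."""
    alerts: List[Alert] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; ignore rather than crash the scan
        kind = classify(m["path"], m["method"], m["status"])
        if kind:
            alerts.append(Alert(m["ip"], m["path"], kind))
    return alerts


def htaccess_disables_indexes(htaccess_text: str) -> bool:
    """True if an Apache .htaccess / vhost fragment contains an 'Options ... -Indexes' line.

    'Options -Indexes' disables mod_autoindex, which removes the directory-listing
    precondition this CVE depends on.
    """
    return re.search(r"^\s*Options\b[^\n]*-Indexes\b", htaccess_text, re.M | re.I) is not None


# Constructed sample log: one listing, one dump download, one refused listing, one benign request.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Dec/2023:10:00:01 +0000] "GET /wp-content/backups-dup-lite/tmp/ HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Dec/2023:10:00:04 +0000] "GET /wp-content/backups-dup-lite/tmp/constructed_dump.sql HTTP/1.1" 200 5242880 "-" "Mozilla/5.0"
198.51.100.9 - - [26/Dec/2023:10:02:10 +0000] "GET /wp-content/backups-dup-pro/tmp/ HTTP/1.1" 403 199 "-" "curl/8.4.0"
192.0.2.7 - - [26/Dec/2023:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for a in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"{a.kind:24} {a.ip:15} {a.path}")
    print("Options -Indexes present:", htaccess_disables_indexes("Options -Indexes\n"))
```

Standard access logs do not record response bodies, so this example keys off the request path and status code; the 'Index of' keyword from the Sigma rule applies where the log source (a proxy or WAF capturing bodies) includes the returned HTML. Scoping the alerts to hosts running the affected plugin versions, as the caveat above says, keeps the false-positive rate down.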
CVSS provenance
- NVD (v3.1): 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- VulnCheck: 7.5 HIGH
GHSA
GHSA-769q-5ww3-v8ww: The Duplicator WordPress plugin before 1
ghsa_unreviewed · 2023-12-26 · CVE-2023-6114 [HIGH] · CWE-552
VulnCheck
awesomemotive duplicator Files or Directories Accessible to External Parties
vulncheck · 2023 · CVSS 7.5 · CVE-2023-6114 [HIGH]
Affected: awesomemotive duplicator
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shad
No detection rules found.
Nuclei
Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
nuclei · CVSS 7.5 · CVE-2023-6114 [HIGH]
Template matcher fragment, as extracted (both keywords are required):

```yaml
- 'Duplicator'
- 'Index of'
condition: and
```

# digest: 4a0a00473045022100f87946174fabcd2a7409e16139dffcdcc3fb75f5b93e7401c4caca74ff9c8ff002205ee72a4256b305ef58c0b9c803f9b256678590f90e85f6813d9fdcbedd5a0290:922c64590222798bb761d5b6d8e72950
References:
- https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing
- https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1