cbcvebase.
CVE-2023-7165
published 2024-02-27


Priority: P3 · 54 · high
CVSS 3.1 base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit status: EXPLOIT
EPSS: 1.92% (77.3th percentile)
The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.

Affected

1 range

Vendor: jetbackup
Product: jetbackup
Version range: < 2.0.9.9
Fixed in: 2.0.9.9

Detection & IOCs (extracted from sources)

url: /wp-content/uploads/jetbackup/
path: /wp-content/uploads/jetbackup/
path: /wp-content/plugins/backup/
filename: .sgbp
filename: _database.sql
regex (folder_name): href="([^"]*_D\d{14}[^"]*)/"
  • Detect exposed JetBackup directory listing by sending GET to /wp-content/uploads/jetbackup/ and checking for HTTP 200 with body containing both 'Index of' and 'jetbackup'.
  • Backup folder names follow the pattern *_D{14digits}* (e.g., regex `[^"]*_D\d{14}[^"]*`); use this to enumerate exposed backup subdirectories.
  • Confirm backup file exposure by checking the enumerated subdirectory for files with the .sgbp extension and HTTP 200 response.
  • Database dump files matching the pattern *_database.sql may be directly accessible within exposed JetBackup directories.
  • Use Shodan/FOFA/Google dorks to identify publicly exposed JetBackup installations: search for body containing /wp-content/plugins/backup/ or inurl:/wp-content/uploads/jetbackup/.
  • The vulnerability only manifests in certain web server configurations where directory listing is enabled; not all JetBackup installations <= 2.0.9.9 will be exploitable.

CVSS provenance

nvd: v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vendor_redhat: 5.5 · MEDIUM