How severe is CVE-2023-5505?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2023-5505?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2023-5505 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.

Related Vulnerabilities

CVE-2016-2933

MEDIUM

CVSS:6.8(Medium)

Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.

CWE-222016

CVE-2016-6614

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user ...

CWE-222016

CVE-2017-15527

MEDIUM

CVSS:6.8(Medium)

Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sa...

CWE-222017

CVE-2018-9445

MEDIUM

CVSS:6.8(Medium)

In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution ...

CWE-222018

CVE-2019-19848

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerab...

CWE-222019

CVE-2019-4674

MEDIUM

CVSS:6.8(Medium)

IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to...

CWE-222019