CVE-2023-6971

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.

El complemento Backup Migration para WordPress es vulnerable a la inclusión remota de archivos en las versiones 1.0.8 a 1.3.9 a través del encabezado HTTP 'content-dir'. Esto hace posible que atacantes no autenticados incluyan archivos remotos en el servidor, lo que resulta en la ejecución de código. NOTA: La explotación exitosa de esta vulnerabilidad requiere que el php.ini del servidor de destino esté configurado con 'allow_url_include' establecido en 'on'. Esta característica está obsoleta a partir de PHP 7.4 y está deshabilitada de forma predeterminada, pero aún se puede habilitar explícitamente en versiones posteriores de PHP.