WordPress plugin EZPZ One Click Backup Command Injection

By |May 2nd, 2014|

Product: WordPress plugin EZPZ One Click Backup
Vulnerability type: CWE-78 OS Command Injection
Vulnerable versions: 12.03.10 and some earlier versions
google Dork: intext:plugins/ezpz-one-click-backup/
credits: Henri Salo
Fixed version: N/A
Solution: Remove plugin
Vendor notification: Contact details N/A
WordPress plugins team notification: 2014-04-30
Risk: High
CVE: CVE-2014-3114

Vulnerability Details:

Contains a flaw that is triggered as input passed via the ‘cmd’ parameter in
ezpz-archive-cmd.php is not properly sanitized. With […]