Attacker Value
Moderate
0

CVE-2020-11738

Disclosure Date: April 13, 2020

Exploitability

(1 user assessed) Very High
Attack Vector
Network
Privileges Required
None
User Interaction
None

Description

The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

Add Assessment

General Information

Additional Info

Technical Analysis