How severe is CVE-2023-6114?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-6114?

This is classified as CWE-552, which is a common weakness in software security.

CVE-2023-6114 - HIGH Severity | CVSS 7.5

Vulnerability Description

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.

Related Vulnerabilities

CVE-2017-11746

HIGH

CVSS:7.5(High)

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tensh...

CWE-5522017

CVE-2017-12079

HIGH

CVSS:7.5(High)

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via pr...

CWE-5522017

CVE-2017-2551

HIGH

CVSS:7.5(High)

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.

CWE-5522017

CVE-2018-10863

HIGH

CVSS:7.5(High)

It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An un...

CWE-5522018

CVE-2018-10869

HIGH

CVSS:7.5(High)

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

CWE-5522018

CVE-2018-16946

HIGH

CVSS:7.5(High)

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via downl...

CWE-5522018