What the vulnerability does
A Cross-Site Request Forgery (CSRF) vulnerability in the everestthemes Everest Backup WordPress plugin (slug: everest-backup) allows path traversal. This issue affects all Everest Backup versions up to and including 2.3.11.
CVSS base score
6.5 (Medium)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Explanation of Vulnerability in Simple Terms
Everest Backup versions up to and including 2.3.11 accept a file-handling request without verifying that the administrator intended to send it (in WordPress terms, a CSRF check such as a nonce is missing or not enforced), and the file path in that request is not confined to the plugin's backup location. An attacker who lures a logged-in administrator to a malicious web page can make the victim's browser issue the request with the admin's session cookies, and the unconstrained path lets it reach files outside the intended directory. The attacker never authenticates to the site; the victim's browser does the work, which is why the vector records no privileges required (PR:N) but user interaction required (UI:R), with a high confidentiality impact (C:H) and no integrity or availability impact. One practical caveat for anyone assessing exposure: the same-origin policy prevents the attacker's page from reading the response to a cross-site request directly, so what the attacker ultimately obtains depends on what the plugin does with the traversed file on the server side.
What an attacker can do
Trick an authenticated administrator into issuing a plugin request whose file path is not restricted to the backup directory, exposing backup data or plugin settings.
Potential impact on your site
Backup data and plugin configuration could be disclosed if an administrator opens a malicious link or page while logged in to the site. The CVSS vector scores no integrity or availability impact, so this is an information-disclosure issue rather than one that modifies the site.
Conditions required to exploit
An administrator must be logged in to the WordPress site and, in the same browser session, visit an attacker-controlled page or open a crafted link. The attacker needs no account on the site and no prior access; the plugin must be at version 2.3.11 or earlier.
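To make the two weaknesses concrete, the following is an added example written for this page; it is not Everest Backup's code and does not describe the plugin's actual endpoint. It shows a hypothetical WordPress AJAX download handler first in a vulnerable form (no nonce, no capability check, raw path) and then hardened against both CSRF and path traversal. The action name eb_demo_download, the file parameter, the _ajax_nonce field name and the wp-content/backups directory are assumptions for the illustration; the WordPress functions used (check_ajax_referer, current_user_can, sanitize_file_name, wp_normalize_path, wp_send_json_error, wp_nonce_url) are real core APIs.

```php
<?php
// Added illustration, not Everest Backup's code. Hook name, parameter name
// and backup directory are assumptions chosen for the example.

// --- Vulnerable pattern: no nonce, no capability check, raw path ---------
function eb_demo_download_vulnerable() {
    $file = $_REQUEST['file'];                      // attacker-controlled
    $path = WP_CONTENT_DIR . '/backups/' . $file;   // "../../wp-config.php" escapes the directory
    header( 'Content-Type: application/octet-stream' );
    readfile( $path );                              // any file PHP can read is served
    exit;
}
// wp_ajax_* hooks run only for logged-in users, but a request forged from
// another site still carries the victim's session cookie, so CSRF reaches it.
// add_action( 'wp_ajax_eb_demo_download', 'eb_demo_download_vulnerable' );

// --- Hardened form -------------------------------------------------------
function eb_demo_backup_dir() {
    return wp_normalize_path( WP_CONTENT_DIR . '/backups' );   // assumed location
}

// Resolve a user-supplied name to an absolute path inside the backup
// directory, or return false if it escapes (traversal, symlink, missing file).
function eb_demo_resolve_backup( $name ) {
    $base = realpath( eb_demo_backup_dir() );
    if ( false === $base ) {
        return false;
    }
    // A backup name has no reason to contain separators or NUL; reject them outright.
    if ( '' === $name || preg_match( '#[/\\\\\x00]#', $name ) ) {
        return false;
    }
    $real = realpath( $base . DIRECTORY_SEPARATOR . $name );
    if ( false === $real ) {
        return false;
    }
    // Compare normalized paths. The trailing slash on $base stops
    // "/backups-evil/x" from matching "/backups".
    $base = rtrim( wp_normalize_path( $base ), '/' ) . '/';
    $real = wp_normalize_path( $real );
    return 0 === strpos( $real, $base ) ? $real : false;
}

function eb_demo_download_hardened() {
    // 1. CSRF: the request must carry a nonce an attacker's page cannot produce.
    //    check_ajax_referer() dies with a 403 when the nonce is missing or invalid.
    check_ajax_referer( 'eb_demo_download', '_ajax_nonce' );

    // 2. Authorization: being logged in is not enough; require an admin capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Path traversal: sanitize_file_name() strips separators as defense in depth,
    //    but the realpath containment check above is the actual boundary.
    $name = isset( $_GET['file'] ) ? sanitize_file_name( wp_unslash( $_GET['file'] ) ) : '';
    $path = eb_demo_resolve_backup( $name );
    if ( false === $path ) {
        wp_send_json_error( 'invalid file', 400 );
    }

    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    readfile( $path );
    exit;
}
add_action( 'wp_ajax_eb_demo_download', 'eb_demo_download_hardened' );

// Legitimate download links are generated server-side with the nonce attached;
// a cross-site attacker cannot forge this value for the victim's session.
// $url = wp_nonce_url(
//     admin_url( 'admin-ajax.php?action=eb_demo_download&file=site.zip' ),
//     'eb_demo_download',
//     '_ajax_nonce'
// );
```

The two fixes are independent and both are needed: the nonce stops a third-party page from triggering the download at all, while the realpath containment stops anyone who can legitimately reach the handler (including an administrator's own browser carrying a valid nonce) from pulling files outside the backup directory. Checking a capability as well as a nonce matters because a nonce only proves the request came from the site's own pages, not that the user is allowed to perform the action.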