Duplicator – WordPress Migration & Backup Plugin, CVE-2018-17207
- CVE, Research URL
- Published on
- Sep 19, 2018
- Research Description
- An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
- Affected versions
-
Min -, max 0.5.15.
- Status
-
vulnerable