Make WordPress Core

Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#25081 closed defect (bug) (invalid)

wordpress Bug / Vulnerability

Reported by: mohanpendyala's profile mohanpendyala Owned by:
Milestone: Priority: normal
Severity: major Version:
Component: Filesystem API Keywords:
Focuses: Cc:

Description

Vulnerable Path: wp-content/uploads/dump.sql

Google Dorks:
inurl:uploads"dump.sql"wordpress

inurl:wp-content/uploads/dump.sql

This vulnerable path revealing important data which contains Database info, Users emails, password hashes, registered emails and more sensitive data

Change History (3)

#1 @rmccue
11 years ago

Firstly, security issues should be reported via the correct private channels.

Secondly, this is not something that WordPress has included in the core code, this is probably from plugins.

#2 @rmccue
11 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

#3 @SergeyBiryukov
11 years ago

  • Keywords needs-testing removed
Note: See TracTickets for help on using tickets.