#25081 closed defect (bug) (invalid)
wordpress Bug / Vulnerability
Reported by: | mohanpendyala | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | major | Version: | |
Component: | Filesystem API | Keywords: | |
Focuses: | Cc: |
Description
Vulnerable Path: wp-content/uploads/dump.sql
Google Dorks:
inurl:uploads"dump.sql"wordpress
inurl:wp-content/uploads/dump.sql
This vulnerable path revealing important data which contains Database info, Users emails, password hashes, registered emails and more sensitive data
Change History (3)
#2
@
11 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
#3
@
11 years ago
- Keywords needs-testing removed
That file appears to be created by WP Easy Backup plugin:
http://plugins.trac.wordpress.org/browser/wp-easy-backup/trunk/wp-easy-backup.php?rev=501744#L37
Note: See
TracTickets for help on using
tickets.
Firstly, security issues should be reported via the correct private channels.
Secondly, this is not something that WordPress has included in the core code, this is probably from plugins.