Test ID:	1.3.6.1.4.1.25623.1.0.900277
Category:	Web application abuses
Title:	WordPress BackWPup Plugin 'wpabs' Parameter Remote PHP Code Execution Vulnerability
Summary:	WordPress BackWPup Plugin is prone to remote PHP code execution vulnerability.
Description:	Summary: WordPress BackWPup Plugin is prone to remote PHP code execution vulnerability. Vulnerability Insight: The flaws are caused by improper validation of user-supplied input to the 'wpabs' parameter in 'wp-content/plugins/backwpup/app/wp_xml_export.php', which allows attackers to execute arbitrary PHP code in the context of an affected site. NOTE : Exploit will only work properly with the following PHP settings: register_globals=On, allow_url_include=On and magic_quotes_gpc=Off Vulnerability Impact: Successful exploitation will let remote attackers to execute malicious PHP code to in the context of an affected site. Affected Software/OS: BackWPup WordPress plugin version 1.6.1, Other versions may also be affected. Solution: Upgrade BackWPup WordPress plugin to 1.7.1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4342 http://www.exploit-db.com/exploits/17056 http://seclists.org/fulldisclosure/2011/Mar/328 http://packetstormsecurity.org/files/view/99799/SOS-11-003.txt http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf http://www.openwall.com/lists/oss-security/2011/11/22/7 http://www.openwall.com/lists/oss-security/2011/11/22/10 http://www.osvdb.org/71481 http://secunia.com/advisories/43565
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.