Phantom Hat

4 exploits Active since Dec 2023
CVE-2023-6553 NOMISEC CRITICAL WORKING POC
WordPress Backup Migration Plugin PHP Filter Chain RCE
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
2 stars
CVSS 9.8
CVE-2023-6972 NOMISEC CRITICAL WORKING POC
Backup Migration < 1.3.9 - Unauthenticated Path Traversal via HTTP Headers
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
1 stars
CVSS 9.8
CVE-2023-6972 NOMISEC CRITICAL WORKING POC
Backup Migration < 1.3.9 - Unauthenticated Path Traversal via HTTP Headers
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
1 stars
CVSS 9.8
CVE-2023-6553 NOMISEC CRITICAL WORKING POC
WordPress Backup Migration Plugin PHP Filter Chain RCE
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
1 stars
CVSS 9.8