Supsystic Backup Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Supsystic Backup WordPress plugin, version 2.3.9. The behaviour described is a directory (path) traversal rather than code inclusion: unauthenticated attackers can read and delete arbitrary files by supplying traversal sequences (../) in the download path parameter of admin.php requests. Reading reaches files such as /etc/passwd; deletion is triggered through the removeAction parameter with an attacker-chosen file path.

Impact

Successful exploitation lets an unauthenticated attacker read any file the web server process can read and delete any file it can write to. Reading exposes sensitive server and application files; deleting application or configuration files can break the site or disrupt its functionality.

Reproduction

To reproduce this vulnerability, create a backup using the Supsystic Backup plugin. When downloading the backup, modify the download path parameter to include directory traversal sequences that point at a sensitive file, such as /etc/passwd; a response containing that file's contents confirms arbitrary file read. Alternatively, use the 'Delete' tab to delete files on the server by sending a POST request with the target file path in the removeAction parameter.
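The root cause described above is a user-supplied path being joined onto the backup directory without confining the result to it. The following Python model, added here as an illustration and not code from the Supsystic plugin (which is written in PHP), shows the vulnerable resolution pattern beside a hardened version that decodes the parameter, normalises it, and rejects anything that escapes the backup directory or names a subpath. The BACKUP_DIR location, the function names and the sample inputs are assumptions for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed backup location for the example; not the plugin's actual path.
BACKUP_DIR = "/var/www/html/wp-content/uploads/backups"


def unsafe_resolve(user_path: str) -> str:
    """Vulnerable pattern: the request parameter is joined onto the backup
    directory and used as-is. '../' sequences walk out of BACKUP_DIR and an
    absolute path replaces it entirely (posixpath.join semantics), so both
    reading and deleting arbitrary files become possible."""
    return posixpath.normpath(posixpath.join(BACKUP_DIR, user_path))


def safe_resolve(user_path: str) -> Optional[str]:
    """Hardened resolution: returns the absolute path of a backup file, or
    None when the request must be refused.

    Checks, in order:
      1. percent-decode twice so %2e%2e%2f and %252e... do not slip through;
      2. reject NUL bytes, which truncate paths in C-backed file APIs;
      3. normalise and require the result to stay under BACKUP_DIR;
      4. backups live flat in BACKUP_DIR, so only a bare file name is allowed
         (this also rejects the empty name, which would resolve to the
         directory itself).

    In production, compare realpath() of the candidate against realpath() of
    the base as well, so symlinks inside the directory cannot redirect the
    access; plain string normalisation is used here so the example runs
    without touching the filesystem."""
    decoded = unquote(unquote(user_path))
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(BACKUP_DIR, decoded))
    if posixpath.commonpath([BACKUP_DIR, candidate]) != BACKUP_DIR:
        return None  # escaped the backup directory (or absolute path)
    if posixpath.dirname(candidate) != BACKUP_DIR:
        return None  # subdirectory or the directory itself
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate download, then traversal attempts
    # of the kind the advisory describes (plain, absolute, percent-encoded).
    samples = [
        "backup-2024-01-01.zip",
        "../../../../../../etc/passwd",
        "/etc/passwd",
        "%2e%2e%2f%2e%2e%2fetc%2fpasswd",
        "sub/backup.zip",
        "",
    ]
    for s in samples:
        print(f"{s!r:40} unsafe -> {unsafe_resolve(s)!s:45} safe -> {safe_resolve(s)}")
```

The same `safe_resolve` gate belongs in front of both the download handler and the delete handler; the advisory's removeAction case is the same traversal reaching an unlink call instead of a file read.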

Added: May 16, 2026, 4:30 PM
Updated: May 16, 2026, 4:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.0
remediation: 0.0
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.