Tag Archives | PHP object injection

common.php (Object Injection Vulnerability in Backup & Restore Dropbox)

WordPress plugin Backup & Restore Dropbox have PHP Object Injection Vulnerability. It’s allow remote download malware to the server. We found it download common.php malware to server via FTP. dropbox-backup.php In the plugin file /wp-content/plugins/dropbox-backup/dropbox-backup.php the function wpadm_full_backup_dropbox_run() gets registered to run during init (so it runs whenever WordPress loads): That function then causes the […]

Continue Reading