QwikSec

Security Database

CVE

CWE

Training

CVE-2014-8334

Published: Oct 31, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20141020 Re: Vulnerabilities in WordPress Database Manager v2.7.1

mailing-list

x_refsource_MLIST

20141022 Vulnerabilities in WordPress Database Manager v2.7.1

mailing-list

x_refsource_FULLDISC

20141021 Vulnerabilities in WordPress Database Manager v2.7.1

mailing-list

x_refsource_BUGTRAQ

https://wordpress.org/plugins/wp-dbmanager/changelog/

x_refsource_CONFIRM

http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html

x_refsource_MISC

http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html

x_refsource_MISC

[oss-security] 20141016 Vulnerabilities in WordPress Database Manager v2.7.1

mailing-list

x_refsource_MLIST

dbmgr-wp-cve20148334-command-exec(97689)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.