QwikSec

Security Database

CVE

CWE

Training

CVE-2014-8336

Published: Jan 5, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a

x_refsource_CONFIRM

http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html

x_refsource_MISC

dbmgr-wordpress-cve20148336-file-download(97694)

vdb-entry

x_refsource_XF

https://wordpress.org/plugins/wp-dbmanager/#developers

x_refsource_CONFIRM

[oss-security] 20141021 Re: Vulnerabilities in WordPress Database Manager v2.7.1

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.