7.8
CVE-2014-8335
- EPSS 0.53%
- Veröffentlicht 05.01.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:18:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWP-DBManager < 2.72 - Command Injection
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
Mögliche Gegenmaßnahme
WP-DBManager: Update to version 2.72, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wp-dbmanager Project ≫ Wp-dbmanager SwPlatformwordpress Version <= 2.7.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP-DBManager
Version
[*, 2.72)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.404 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html
http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html
http://www.openwall.com/lists/oss-security/2014/10/20/7
https://exchange.xforce.ibmcloud.com/vulnerabilities/97691
https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a
https://wordpress.org/plugins/wp-dbmanager/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/7aca3b02-6c97-4d86-9378-e808c184e84c