7.8
CVE-2014-8335
- EPSS 0.11%
- Veröffentlicht 05.01.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:18:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWP-DBManager < 2.72 - Command Injection
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
Mögliche Gegenmaßnahme
WP-DBManager: Update to version 2.72, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP-DBManager
Version
[*, 2.72)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wp-dbmanager Project ≫ Wp-dbmanager SwPlatformwordpress Version <= 2.7.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.256 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|