6.5
CVE-2014-8336
- EPSS 2.6%
- Veröffentlicht 05.01.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:18:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWP DB Manager < 2.7.2 - Arbitrary File Read
The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.
Mögliche Gegenmaßnahme
WP-DBManager: Update to version 2.7.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wp-dbmanager Project ≫ Wp-dbmanager SwPlatformwordpress Version <= 2.7.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP-DBManager
Version
[*, 2.7.2)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.6% | 0.833 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html
https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a
https://wordpress.org/plugins/wp-dbmanager/#developers
http://www.openwall.com/lists/oss-security/2014/10/21/3
https://exchange.xforce.ibmcloud.com/vulnerabilities/97694
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c3192ee-f241-47b2-b10f-fc38f394012a