4 results (0.002 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. El plugin WP-DBManager de WordPress versiones anteriores a 2.80.8, no evita que administradores ejecuten comandos arbitrarios en el servidor en instalaciones multisitio, donde sólo deberían hacerlo los superadministradores. The WP-DBManager plugin for WordPress is vulnerable to remote code execution due to an incorrect capability check in the ~/database-backup.php file in versions up to, and including, 2.80.7. This makes it possible for high level authenticated users, such as administrators, to run arbitrary commands on the affected server. This only affects multi-site installations where an administrator wouldn't have the capability to run arbitrary code. • https://wpscan.com/vulnerability/1c8c5861-ce87-4813-9e26-470d63c1903a • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-863: Incorrect Authorization •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 5

The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. El plugin WP-DBManager (también conocido como Database Manager) anterior a 2.7.2 para WordPress permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres de shell en la variable (1) $backup['filepath'] (también conocido como el campo 'Path to Backup:') o (2) $backup['mysqldumppath']. The WP-DBManager (aka Database Manager) plugin before 2.72 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. WordPress Database Manager plugin version 2.7.1 suffers from remote command injection and credential leakage vulnerabilities. • http://osvdb.org/show/osvdb/113508 http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html http://seclists.org/fulldisclosure/2014/Oct/99 http://seclists.org/oss-sec/2014/q4/365 http://seclists.org/oss-sec/2014/q4/410 http://www.securityfocus.com/archive/1/533763/100/0/threaded http://www.securityfocus.com/bid/70626 http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html https://e • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. El panel "Sql Run Query" en WP-DBManager (también conocido como Database Manager) en versiones anteriores a la 2.7.2 para WordPress permite que los atacantes remotos lean archivos arbitrarios aprovechándose de que no limita las consultas suficientemente, tal y como se demuestra con el uso de LOAD_FILE en una declaración INSERT. • http://www.openwall.com/lists/oss-security/2014/10/21/3 http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html https://exchange.xforce.ibmcloud.com/vulnerabilities/97694 https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a https://wordpress.org/plugins/wp-dbmanager/#developers • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. (1) wp-dbmanager.php y (2) database-manage.php en el plugin WP-DBManager (también conocido como Database Manager) en versiones anteriores a la 2.7.2 para WordPress ubica credenciales en la línea de comandos mysqldump, lo que permite que los usuarios locales obtengan información sensible listando el proceso. (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.72 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. WordPress Database Manager plugin version 2.7.1 suffers from remote command injection and credential leakage vulnerabilities. • http://packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html http://www.openwall.com/lists/oss-security/2014/10/20/7 http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html https://exchange.xforce.ibmcloud.com/vulnerabilities/97691 https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a https://wordpress.org/plugins/wp-dbmanager/#developers • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-255: Credentials Management Errors •