
CVE-2022-2354 – WP-DBManager < 2.80.8 - Admin+ Remote Command Execution
https://notcve.org/view.php?id=CVE-2022-2354
25 Jul 2022 — The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. The WP-DBManager plugin for WordPress is vulnerable to remote code execution due to an incorre... • https://wpscan.com/vulnerability/1c8c5861-ce87-4813-9e26-470d63c1903a • CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-863: Incorrect Authorization

CVE-2014-8334 – WP-DBManager < 2.72 - OS Command Injection
https://notcve.org/view.php?id=CVE-2014-8334
13 Oct 2014 — The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. • https://packetstorm.news/files/id/128785 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2014-8336 – WP DB Manager < 2.7.2 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2014-8336
13 Oct 2014 — The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. • http://www.openwall.com/lists/oss-security/2014/10/21/3 • CWE-20: Improper Input Validation; CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2014-8335 – WP-DBManager < 2.72 - Command Injection
https://notcve.org/view.php?id=CVE-2014-8335
13 Oct 2014 — (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. • https://packetstorm.news/files/id/128785 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-255: Credentials Management Errors