ThreatPress

WordPress Vulnerabilities Database

Back

WordPress DBManager Plugin <= 2.7.1 - Multiple Vulnerabilities

Product
DBManager
Description
There are multiple vulnerabilities in this plugin, that allow remote authenticated users to execute arbitrary commands via shell metacharacters in the $backup['filepath'] or $backup['mysqldumppath'] variable.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2014-8334
Versions
Affected In <= 2.7.1
Fixed In 2.7.2
Disclosure date
2014-10-20
Credits
Larry W. Cashdollar