
Multiple command execution vulnerabilities in Database Manager plugin for WordPress

 

Systems Affected


Database Manager plugin version 2.7.1 and prior

Threat Level


Medium


Overview


Multiple vulnerabilities have been reported in Database Manager Plugin for WordPress which could be exploited by remote attackers to execute arbitrary commands on the target system.


Description


These vulnerabilities are caused by improper validation of user-supplied input.

A remote authenticated attacker with current_user_can("manage_database") privileges can exploit these vulnerabilities to execute arbitrary commands on the system by injecting shell metacharacters into the $backup["mysqldumppath"] and $backup["filepath"] variables.
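
The kind of input handling whose absence is described above, shown as an added PHP example; it is not the plugin's code or its actual fix. The function names, the allowed base directory and the database-name rule are hypothetical, and it assumes PHP 7.4+, a POSIX host and MySQL credentials supplied through an option file.

```php
<?php
// Added example: hypothetical helpers, not code from the wp-dbmanager plugin.
// Assumes PHP 7.4+, a POSIX host, and MySQL credentials supplied via an option file.

function validate_mysqldump_path(string $path): string
{
    // Conservative alphabet: no spaces, quotes, ;, |, &, $, backticks or newlines.
    if (!preg_match('#\A[A-Za-z0-9_./-]+\z#', $path)) {
        throw new InvalidArgumentException('mysqldumppath contains disallowed characters');
    }
    $real = realpath($path);
    if ($real === false || !is_file($real) || !is_executable($real)) {
        throw new InvalidArgumentException('mysqldumppath is not an executable file');
    }
    // realpath() resolves symlinks, so also accept the MariaDB binary name.
    if (!in_array(basename($real), ['mysqldump', 'mariadb-dump'], true)) {
        throw new InvalidArgumentException('mysqldumppath does not point at a dump binary');
    }
    return $real;
}

function validate_backup_dir(string $dir, string $allowedBase): string
{
    $real = realpath($dir);
    $base = realpath($allowedBase);
    if ($real === false || $base === false || !is_dir($real) || !is_writable($real)) {
        throw new InvalidArgumentException('filepath is not a writable directory');
    }
    // Containment check on resolved paths rejects ../ and symlinks leaving the base.
    if ($real !== $base && strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new InvalidArgumentException('filepath is outside the allowed base directory');
    }
    return $real;
}

function run_backup(array $backup, string $allowedBase, string $dbName): int
{
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $dbName)) {
        throw new InvalidArgumentException('unexpected database name');
    }
    $bin = validate_mysqldump_path($backup['mysqldumppath']);
    $out = validate_backup_dir($backup['filepath'], $allowedBase)
         . DIRECTORY_SEPARATOR . date('Ymd-His') . '_' . $dbName . '.sql';
    // Array form of proc_open() executes the binary directly: no shell parses the values.
    $proc = proc_open([$bin, '--result-file=' . $out, $dbName], [], $pipes);
    if ($proc === false) {
        throw new RuntimeException('could not start mysqldump');
    }
    return proc_close($proc); // mysqldump exit status, 0 on success
}
```

Where a command string must still be passed to a shell, each value should additionally go through escapeshellarg() after the same validation.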


Impact



Solution/Workarounds


Upgrade to the latest version of the Database Manager plugin: https://wordpress.org/plugins/wp-dbmanager/changelog/


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.