
Multiple command execution vulnerabilities in Database Manager plugin for WordPress

 

Systems Affected


Database Manager plugin version 2.7.1 and prior

Threat Level


Medium


Overview


Multiple vulnerabilities have been reported in the Database Manager plugin for WordPress that remote attackers could exploit to execute arbitrary commands on the target system.


Description


These vulnerabilities are caused by improper validation of user-supplied input.

A remote authenticated attacker with current_user_can("manage_database") privileges can exploit these vulnerabilities to execute arbitrary commands on the system by injecting shell metacharacters into the $backup["mysqldumppath"] and $backup["filepath"] variables.
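
The validation gap described above, shown as an added example that is not taken from the plugin's code: an option-to-shell-string pattern next to a hardened command builder. Only the keys mysqldumppath and filepath come from this advisory; the function names, the backup-directory parameter and the sample values are assumptions.

```php
<?php
// Added illustration, not the Database Manager plugin's code. Only the keys
// 'mysqldumppath' and 'filepath' come from the advisory; function names, the
// backup-directory parameter and all sample values are assumptions.

// Pattern described in the advisory: option values joined into a shell string.
function build_dump_command_unsafe(array $backup, string $db): string
{
    return $backup['mysqldumppath'] . ' ' . $db . ' > ' . $backup['filepath'];
}

// Hardened form: validate every value, then quote each argument separately.
function build_dump_command_safe(array $backup, string $db, string $backupDir): string
{
    $bin = realpath($backup['mysqldumppath']);
    if ($bin === false || !is_file($bin) || !is_executable($bin)) {
        throw new InvalidArgumentException('mysqldumppath is not an executable file');
    }
    if (!preg_match('/\A(mysqldump|mariadb-dump)(\.exe)?\z/i', basename($bin))) {
        throw new InvalidArgumentException('mysqldumppath does not name mysqldump');
    }
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $db)) {
        throw new InvalidArgumentException('unexpected characters in database name');
    }
    $dir = realpath($backupDir);
    if ($dir === false || realpath(dirname($backup['filepath'])) !== $dir) {
        throw new InvalidArgumentException('filepath is outside the backup directory');
    }
    $name = basename($backup['filepath']);
    if (!preg_match('/\A[A-Za-z0-9._-]+\.sql\z/', $name)) {
        throw new InvalidArgumentException('unexpected backup file name');
    }
    $out = $dir . DIRECTORY_SEPARATOR . $name;
    return escapeshellarg($bin) . ' --result-file=' . escapeshellarg($out)
        . ' ' . escapeshellarg($db);
}

// Constructed sample input: a path value carrying a shell metacharacter.
$backup = [
    'mysqldumppath' => '/usr/bin/mysqldump; echo INJECTED',
    'filepath'      => sys_get_temp_dir() . '/wp-backup.sql',
];
echo build_dump_command_unsafe($backup, 'wordpress'), "\n"; // built only, never executed
try {
    echo build_dump_command_safe($backup, 'wordpress', sys_get_temp_dir()), "\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The hardened builder writes the dump through mysqldump's --result-file option, so no shell redirection operator appears in the command string.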


Impact



Solution/Workarounds


  ✻  Update to the latest version of Mozilla's Firefox on Windows, Linux and Mac.


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.