Systems Affected
• Database Manager plugin version 2.7.1 and prior
Threat Level
Overview
Multiple vulnerabilities have been reported in the Database Manager plugin for WordPress that could be exploited by remote attackers to execute arbitrary commands on the target system.
Description
These vulnerabilities are caused by improper validation of user-supplied input.
A remote authenticated attacker with the manage_database capability (current_user_can("manage_database")) can exploit these vulnerabilities to execute arbitrary commands on the system by injecting shell metacharacters into the $backup["mysqldumppath"] and $backup["filepath"] variables.
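Added example (not the plugin's code and not its actual fix): one way a PHP handler could validate the two option values named above and quote them before building a mysqldump command line. The function names, the $allowedBase and $db parameters and the sample values are assumptions made for illustration; database credentials are out of scope here.

```php
<?php
// Added example: hypothetical helpers, not the plugin's code.
// Pattern to avoid: option values concatenated straight into a shell string,
//   $cmd = $backup['mysqldumppath'] . ' ... > ' . $backup['filepath'];

/** Accept only a plain path that resolves to an executable dump binary. */
function validate_mysqldump_path(string $path): ?string
{
    if (!preg_match('#\A(?:[A-Za-z]:)?[A-Za-z0-9_./\\\\ -]+\z#', $path)) {
        return null; // characters outside a conservative path alphabet
    }
    $real = realpath($path);
    if ($real === false || !is_file($real) || !is_executable($real)) {
        return null;
    }
    $allowed = ['mysqldump', 'mysqldump.exe', 'mariadb-dump', 'mariadb-dump.exe'];
    return in_array(strtolower(basename($real)), $allowed, true) ? $real : null;
}

/** Resolve the backup directory and require it to sit under $allowedBase. */
function validate_backup_dir(string $dir, string $allowedBase): ?string
{
    $real = realpath($dir);
    $base = realpath($allowedBase);
    if ($real === false || $base === false || !is_dir($real)) {
        return null;
    }
    $sep = DIRECTORY_SEPARATOR;
    $base = rtrim($base, $sep) . $sep;
    return strncmp($real . $sep, $base, strlen($base)) === 0 ? $real : null;
}

/** Return a quoted command line, or null if any input fails validation. */
function build_dump_command(array $backup, string $allowedBase, string $db): ?string
{
    $bin = validate_mysqldump_path((string) ($backup['mysqldumppath'] ?? ''));
    $dir = validate_backup_dir((string) ($backup['filepath'] ?? ''), $allowedBase);
    if ($bin === null || $dir === null || !preg_match('/\A\w+\z/', $db)) {
        return null;
    }
    $out = $dir . DIRECTORY_SEPARATOR . $db . '.sql';
    // escapeshellarg() makes the shell treat each value as one literal argument.
    return escapeshellarg($bin) . ' --result-file=' . escapeshellarg($out)
        . ' -- ' . escapeshellarg($db);
}

// Constructed sample: the first value fails validation, so no command is built.
$tmp = sys_get_temp_dir();
var_dump(build_dump_command(['mysqldumppath' => 'mysqldump; echo x', 'filepath' => $tmp], $tmp, 'wp'));
```

On PHP 7.4 and later, passing the program and its arguments to proc_open() as an array avoids the shell entirely, which removes the need for quoting.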
Impact
Solution/ Workarounds
• Update to the latest version of Mozilla Firefox on Windows, Linux and Mac.
References
http://www.cert-in.org.in/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.