Lucene search
HistoryJun 10, 2015 - 6:59 p.m.
CVE-2014-8607
cve-2014-8607
xcloner
wordpress
joomla
mysql
security vulnerability
sensitive information disclosure
nvd
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.
Affected configurations
Node
xclonerxclonerMatch3.1.1wordpress
ORxclonerxclonerMatch3.5.1joomla\!
| CPE | Name | Operator | Version |
|---|---|---|---|
| xcloner:xcloner | xcloner | eq | 3.1.1 |
| xcloner:xcloner | xcloner | eq | 3.5.1 |
Related
nvd
nvd
CVE-2014-8607
2015-06-10 18:59:04
prion
prion
Command injection
2015-06-10 18:59:00
patchstack
patchstack
WordPress XCloner Plugin <= 3.1.1 - Multiple Vulnerabilities
2014-11-04 00:00:00
cvelist
cvelist
CVE-2014-8607
2015-06-10 18:00:00
packetstorm
packetstorm
Joomla/WordPress XCloner Command Execution / Password Disclosure
2014-11-07 00:00:00
wpvulndb
wpvulndb
XCloner - Backup and Restore < 3.1.2 - Multiple Vulnerabilities (RCE & LFI)
2014-10-17 00:00:00
securityvulns
securityvulns
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
2015-06-08 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2014-8607