Lucene search
MitreCVELIST:CVE-2014-8603HistoryJun 10, 2015 - 6:00 p.m.
CVE-2014-8603
2015-06-1018:00:00
mitre
www.cve.org
cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG[‘tarcompress’], (5) $_CONFIG[‘filename’], (6) $_CONFIG[‘exfile_tar’], (7) $_CONFIG[sqldump], (8) $_CONFIG[‘mysql_host’], (9) $_CONFIG[‘mysql_pass’], (10) $_CONFIG[‘mysql_user’], (11) $database_name, or (12) $sqlfile variable.
Related
patchstack
patchstack
WordPress XCloner Plugin - Multiple Vulnerabilities
2014-11-10 00:00:00
prion
prion
Information disclosure
2015-06-10 18:59:00
cve
cve
CVE-2014-8603
2015-06-10 18:59:00
nvd
nvd
CVE-2014-8603
2015-06-10 18:59:00
packetstorm
packetstorm
Joomla/WordPress XCloner Command Execution / Password Disclosure
2014-11-07 00:00:00
wpvulndb
wpvulndb
XCloner - Backup and Restore < 3.1.2 - Multiple Vulnerabilities (RCE & LFI)
2014-10-17 00:00:00
securityvulns
securityvulns
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
2015-06-08 00:00:00