Lucene search

K

[email protected]NVD:CVE-2014-8334

HistoryOct 31, 2014 - 2:55 p.m.

CVE-2014-8334

2014-10-3114:55:10

CWE-78

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.0%

The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup[‘filepath’] (aka “Path to Backup:” field) or (2) $backup[‘mysqldumppath’] variable.

Affected configurations

NVD

Node

wp-dbmanager_projectwp-dbmanagerRange≤2.71wordpress

References

osvdb.org/show/osvdb/113508

packetstormsecurity.com/files/128785/WordPress-Database-Manager-2.7.1-Command-Injection-Credential-Leak.html

seclists.org/fulldisclosure/2014/Oct/99

seclists.org/oss-sec/2014/q4/365

seclists.org/oss-sec/2014/q4/410

www.securityfocus.com/archive/1/533763/100/0/threaded

www.securityfocus.com/bid/70626

www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html

exchange.xforce.ibmcloud.com/vulnerabilities/97689

wordpress.org/plugins/wp-dbmanager/changelog/

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.0%

Related for NVD:CVE-2014-8334

prion1 cve1 patchstack1 cvelist1 zdt1 packetstorm1 wpvulndb1 securityvulns1