Design/Logic Flaw

2018-01-0516:29:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.6%

JSON

The “Sql Run Query” panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.

CPENameOperatorVersion
wp-dbmanagerle2.7.1

CPE	Name	Operator	Version
	wp-dbmanager	le	2.7.1

References

www.openwall.com/lists/oss-security/2014/10/21/3

www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html

exchange.xforce.ibmcloud.com/vulnerabilities/97694

github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a

wordpress.org/plugins/wp-dbmanager/