2 matches found
CVE-2014-8334
The WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the 1 $backup'filepath' aka "Path to Backup:" field or 2 $backup'mysqldumppath' variable...
CVE-2014-8334
The CVE-2014-8334 issue affects the WordPress WP-DBManager plugin (pre-2.7.2). Vulnerable component: the backup handling code that reads $backup[' filepath'] and $backup['mysqldumppath']; root cause is shell metacharacter handling, enabling remote authenticated users to execute arbitrary commands...