4 matches found
CVE-2022-2354
The CVE-2022-2354 issue affects the WordPress WP-DBManager plugin prior to version 2.80.8 and enables administrators in multisite installations (where only super-administrators should have it) to execute arbitrary commands on the server. Multiple sources (NVD/NIST, Red Hat, CVE lists, and Nessus ...
CVE-2014-8334
The CVE-2014-8334 issue affects the WordPress WP-DBManager plugin (pre-2.7.2). Vulnerable component: the backup handling code that reads $backup[' filepath'] and $backup['mysqldumppath']; root cause is shell metacharacter handling, enabling remote authenticated users to execute arbitrary commands...
CVE-2014-8335
The CVE-2014-8335 entry relates to the WP-DBManager (aka Database Manager) WordPress plugin, affected in versions prior to 2.7.2. The vulnerability affects the files wp-dbmanager.php and database-manage.php, where credentials are placed on the mysqldump command line, enabling local users to obtai...
CVE-2014-8336
The WP-DBManager WordPress plugin (pre-2.7.2) contains a vulnerability in the Sql Run Query panel that allows remote read of arbitrary files by exploiting insufficient query restriction, demonstrated via LOAD_FILE in an INSERT statement. Affected product: WP-DBManager plugin for WordPress. Impact...