CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. |
1Wp Dbmanager Project 1Wp Dbmanager Nov 21, 2024 Jan 5, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by u...Show more |
1Wp Dbmanager Project 1Wp Dbmanager Nov 21, 2024 Jan 5, 2018 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive...Show more |
The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" fie...Show more |