CVE-2014-8335

7.8HIGH

Key Information:

Vendor: Wordpress
Status: WP-dbmanager
Vendor: CVE Published:; 5 January 2018

Summary

(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

References

http://packetstormsecurity.com/files/128785/WordPress-Dat...

x_refsource_MISC

https://github.com/lesterchan/wp-dbmanager/commit/7037fa8...

x_refsource_CONFIRM

http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2018
Vulnerability Reserved
Oct 20, 2014

.