CVE-2014-8336

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: WP-dbmanager
Vendor: CVE Published:; 5 January 2018

Summary

The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.

References

https://github.com/lesterchan/wp-dbmanager/commit/7037fa8...

x_refsource_CONFIRM

http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/97694

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2018
Vulnerability Reserved
Oct 20, 2014

.