Remote File Reading Vulnerability in WP-DBManager Plugin from WordPress
CVE-2014-8336

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: WP-dbmanager
Vendor: CVE Published:; 5 January 2018

What is CVE-2014-8336?

The WP-DBManager plugin for WordPress contains a vulnerability that allows remote attackers to access arbitrary files on the server. This flaw arises due to insufficient query limitations in the 'Sql Run Query' panel, enabling unauthorized use of the LOAD_FILE function within an INSERT statement. As a result, attackers could exploit this weakness to read sensitive files from the server, posing a significant security risk to WordPress websites.