
EDB-ID-47187: WordPress Database Backup (5.2 and Lower) Command Injection Vulnerability and Remote Code Execution (Metasploit)

About EDB-ID-47187: WordPress Database Backup Command Injection Vulnerability (version 5.2 and lower)
EDB-ID-47187 Description
   There exists a command injection vulnerability in the WordPress plugin wp-database-backup for versions < 5.2.
   For the backup functionality, the plugin generates a mysqldump command to execute.
   The user can choose specific tables to exclude from the backup by setting the wp_db_exclude_table parameter in a POST request to the wp-database-backup page.
   The names of the excluded tables are included in the mysqldump command unsanitized.
   Arbitrary commands injected through the wp_db_exclude_table parameter are executed each time the functionality for creating a new database backup is run.
   Authentication is required to successfully exploit this vulnerability.

   You can read more about this vulnerability here: OS Command Injection Vulnerability Patched In WP Database Backup Plugin
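
The root cause described above is user-supplied table names reaching a shell command line unsanitized. The following is an added example, not the plugin's code or its actual patch: it shows one way to allow-list and quote excluded table names before building a mysqldump command. The function names, database name and file path are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not taken from wp-database-backup.

/**
 * Keep only entries that look like plain MySQL table names.
 * Allow-list: letters, digits, underscore, dollar sign; at most 64 characters.
 * Anything else (spaces, quotes, ;, |, &, backticks, $(...)) is dropped.
 */
function filter_table_names(array $requested): array
{
    $clean = [];
    foreach ($requested as $name) {
        if (is_string($name) && preg_match('/\A[A-Za-z0-9_$]{1,64}\z/', $name) === 1) {
            $clean[] = $name;
        }
    }
    return $clean;
}

/**
 * Build the mysqldump command line. Every dynamic value is validated first
 * and then passed through escapeshellarg(), so it is always a single
 * quoted shell word. Credentials are omitted here and are assumed to come
 * from an option file rather than the command line.
 */
function build_mysqldump_command(string $db, array $excluded, string $outFile): string
{
    $parts = ['mysqldump', '--single-transaction'];
    foreach (filter_table_names($excluded) as $table) {
        $parts[] = '--ignore-table=' . escapeshellarg($db . '.' . $table);
    }
    $parts[] = '--result-file=' . escapeshellarg($outFile);
    $parts[] = escapeshellarg($db);
    return implode(' ', $parts);
}

// Constructed sample input standing in for the wp_db_exclude_table parameter:
// one valid table name and one value containing shell metacharacters.
$requested = ['wp_comments', 'wp_posts; echo CONSTRUCTED'];

// The second entry fails the allow-list and never reaches the command line.
echo build_mysqldump_command('wordpress', $requested, '/tmp/backup.sql'), PHP_EOL;
```

A stricter variant would also compare each name against the database's own table list and reject anything that is not an existing table.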

EDB-ID-47187 Remote Code Execution (Metasploit Module)
