Home Vulnerability EDB-ID-47187: Wordpress Database Backup (5.2 and lower) Command Injection Vulnerability And Remote Code Execution (Metasploit)

EDB-ID-47187: Wordpress Database Backup (5.2 and lower) Command Injection Vulnerability And Remote Code Execution (Metasploit)

By
Monday, July 29, 2019
Read
Add Comment
About EDB-ID-47187: Wordpress Database Backup Command Injection Vulnerability (version 5.2 and lower)
EDB-ID-47187 Description
   There exists a command injection vulnerability in the Wordpress plugin wp-database-backup for versions < 5.2.
   For the backup functionality, the plugin generates a mysqldump command to execute.
   The user can choose specific tables to exclude from the backup by setting the wp_db_exclude_table parameter in a POST request to the wp-database-backup page.
   The names of the excluded tables are included in the mysqldump command unsanitized.
   Arbitrary commands injected through the wp_db_exclude_table parameter are executed each time the functionality for creating a new database backup are run.
   Authentication is required to successfully exploit this vulnerability.

   You can read more about this vulnerability in here: OS Command Injection Vulnerability Patched In WP Database Backup Plugin

EDB-ID-47187 Remote Code Execution (Metasploit Module)
    Tags :

    Created By Nexus · Powered by Blogger
    © All Rights Reserved

    Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us