| ID |
CVE-2014-8335
|
| Summary |
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:1.00:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:1.00:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.00:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.00:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.01:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.01:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.02:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.02:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.03:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.03:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.04:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.04:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.05:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.05:*:*:*:*:wordpress:*:*
|
| CVSS |
| Base: | 2.1 (as of 19-01-2018 - 14:47) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-255 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
| refmap
via4
|
| confirm | | | misc | | | mlist | [oss-security] 20141020 Re: Vulnerabilities in WordPress Database Manager v2.7.1 | | xf | dbmgr-wordpress-cve20148335-info-disc(97691) |
|
| Last major update |
19-01-2018 - 14:47 |
| Published |
05-01-2018 - 16:29 |
| Last modified |
19-01-2018 - 14:47 |
