ID |
CVE-2014-8335
|
Summary |
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:1.00:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:1.00:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.00:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.00:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.01:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.01:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.02:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.02:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.03:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.03:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.04:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.04:*:*:*:*:wordpress:*:*
-
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.05:*:*:*:*:wordpress:*:*
cpe:2.3:a:wp-dbmanager_project:wp-dbmanager:2.05:*:*:*:*:wordpress:*:*
|
CVSS |
Base: | 2.1 (as of 19-01-2018 - 14:47) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-255 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
refmap
via4
|
confirm | | misc | | mlist | [oss-security] 20141020 Re: Vulnerabilities in WordPress Database Manager v2.7.1 | xf | dbmgr-wordpress-cve20148335-info-disc(97691) |
|
Last major update |
19-01-2018 - 14:47 |
Published |
05-01-2018 - 16:29 |
Last modified |
19-01-2018 - 14:47 |