module
WP Database Backup RCE
| Disclosed |
|---|
| Apr 24, 2019 |
Disclosed
Apr 24, 2019
Description
There exists a command injection vulnerability in the Wordpress plugin
`wp-database-backup` for versions
For the backup functionality, the plugin generates a `mysqldump` command
to execute. The user can choose specific tables to exclude from the backup
by setting the `wp_db_exclude_table` parameter in a POST request to the
`wp-database-backup` page. The names of the excluded tables are included in
the `mysqldump` command unsanitized. Arbitrary commands injected through the
`wp_db_exclude_table` parameter are executed each time the functionality
for creating a new database backup are run.
Authentication is required to successfully exploit this vulnerability.
`wp-database-backup` for versions
For the backup functionality, the plugin generates a `mysqldump` command
to execute. The user can choose specific tables to exclude from the backup
by setting the `wp_db_exclude_table` parameter in a POST request to the
`wp-database-backup` page. The names of the excluded tables are included in
the `mysqldump` command unsanitized. Arbitrary commands injected through the
`wp_db_exclude_table` parameter are executed each time the functionality
for creating a new database backup are run.
Authentication is required to successfully exploit this vulnerability.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.