CVE-2014-8335

high

Description

(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

References

Advisories
More

https://wordpress.org/plugins/wp-dbmanager/#developers

https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a

https://exchange.xforce.ibmcloud.com/vulnerabilities/97691

http://www.openwall.com/lists/oss-security/2014/10/20/7

Details

Source: Mitre, NVD

Published: 2018-01-05

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00106