CVE-2019-25224
WP Database Backup < 5.2 - Unauthenticated OS Command Injection
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
databasebackup · WP Database Backup – Unlimited Database & Files Backup by Backup for WP
Public PoCs found: 1
cve_reference · packetstormsecurity.com/files/153781/ · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://blog.sucuri.net/2019/06/os-command-injection-in-wp-database-backup.html
https://packetstormsecurity.com/files/153781/
https://plugins.trac.wordpress.org/changeset/2078035/wp-database-backup
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_db_backup_rce.rb
https://www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin/
https://www.wordfence.com/threat-intel/vulnerabilities/id/d21cf285-9d75-43a2-9e81-67116f0bf896?source=cve