Vulnerability Description
cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG['tarcompress'], (5) $_CONFIG['filename'], (6) $_CONFIG['exfile_tar'], (7) $_CONFIG[sqldump], (8) $_CONFIG['mysql_host'], (9) $_CONFIG['mysql_pass'], (10) $_CONFIG['mysql_user'], (11) $database_name, or (12) $sqlfile variable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xcloner | Xcloner | 3.1.1 |
Related Weaknesses (CWE)
References
- http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/Exploit
- http://www.vapid.dhs.org/advisory.php?v=110Exploit
- http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/Exploit
- http://www.vapid.dhs.org/advisory.php?v=110Exploit
FAQ
What is CVE-2014-8603?
CVE-2014-8603 is a vulnerability with a CVSS score of 6.5 (MEDIUM). cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating ...
How severe is CVE-2014-8603?
CVE-2014-8603 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8603?
Check the references section above for vendor advisories and patch information. Affected products include: Xcloner Xcloner.