OS Command Injection in WP-Database-Backup

This vulnerability affects the WordPress Database Backup plugin (WP-Database-Backup) and allows a maliciously crafted payload stored in the WordPress option "wp_db_exclude_table" to be executed on the remote host.

Vulnerable code:

$wp_db_exclude_table = array();
$wp_db_exclude_table = get_option('wp_db_exclude_table');
if (!empty($wp_db_exclude_table)) {
    // Each stored entry is concatenated straight into the mysqldump command
    // line with no validation or escaping: this is the injection point.
    // (The loop variable reuses the array's name, as in the plugin's code.)
    foreach ($wp_db_exclude_table as $wp_db_exclude_table) {
        $cmd .= ' --ignore-table=' . DB_NAME . '.' . $wp_db_exclude_table;
        // error_log(DB_NAME.'.'.$wp_db_exclude_table);
    }
}

The code executes the program mysqldump with the argument "--ignore-table=" and appends each entry of the wp_db_exclude_table list to it. Because the entries are never validated or shell-escaped, a malicious third party who can write to that option can inject a payload into the list, such as a netcat shell or a wget download-and-execute request, that the shell then runs alongside mysqldump.
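A hardened version of the exclusion-list loop, added here as an example and not taken from the plugin: every table name read from the option is validated as a plain identifier and then quoted with escapeshellarg() before being appended, so a stored entry cannot break out of the argument. The DB_NAME value and the sample option contents are constructed for the demonstration.

```php
<?php
// Added example (not the plugin's code). DB_NAME is a constructed sample value.
define('DB_NAME', 'wp_site');

/**
 * Build the --ignore-table arguments for mysqldump from an untrusted list.
 * Entries that are not plain MySQL identifiers are logged and dropped;
 * accepted entries are still shell-quoted as defence in depth.
 */
function build_ignore_table_args(array $exclude_tables, string $db_name): string
{
    $cmd = '';
    foreach ($exclude_tables as $table) {
        // Allow only letters, digits and underscore (1-64 chars). This rejects
        // shell metacharacters such as ; | & ` and $( ) before they reach the shell.
        if (!is_string($table) || !preg_match('/^[A-Za-z0-9_]{1,64}$/', $table)) {
            error_log('wp_db_exclude_table: rejected invalid table name entry');
            continue;
        }
        // Quote the whole db.table argument even after validation.
        $cmd .= ' --ignore-table=' . escapeshellarg($db_name . '.' . $table);
    }
    return $cmd;
}

// Constructed sample option contents: one legitimate table name and one
// entry carrying a shell metacharacter of the kind the advisory describes.
$sample_option = ['wp_options', 'wp_posts; id'];

// Only the validated, quoted entry is appended; the tampered entry is dropped.
echo 'mysqldump ' . build_ignore_table_args($sample_option, DB_NAME), PHP_EOL;
```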

Recommendation:

If you run WordPress with this plugin, we suggest you update your WordPress platform as soon as possible.

External Links:

Sucuri

Firo

WPVULN

Wordfence Patch

Author:

ethicalhack3r

WPSCAN.IO