Description
WordPress Plugin WP-DBManager is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin WP-DBManager version 2.79.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.79.2 or latest
References
Related Vulnerabilities
Joomla! Core 3.x.x Cross-Site Request Forgery (3.0.0 - 3.9.26)
Apache Traffic Server CVE-2015-5168 Vulnerability (CVE-2015-5168)
WordPress Plugin Image Intense SQL Injection (3.2.5)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5270)
PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7272)