CVE-2014-8336

Name of the Vulnerable Software and Affected Versions WP-DBManager plugin versions prior to 2.7.2

Description The issue allows remote attackers to read arbitrary files due to insufficient query limitations in the "Sql Run Query" panel. This can be exploited using the LOAD FILE function in an INSERT statement.

Recommendations For WP-DBManager plugin versions prior to 2.7.2, update to version 2.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Sql Run Query" panel to minimize the risk of exploitation.