Sucuri Blog

Website Security News

WordPress Vulnerability Detail

OS Command Injection in WP-Database-Backup

June 4, 2019 | Marc-Alexandre Montpas

Exploitation Level: Easy/Remote

DREAD Score: 8.0

Vulnerability: OS Command Injection

Patched Version: 5.2

On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug which made it possible for a bad actor to gain full control of affected websites, and the plugin has over 70,000 reported active installs.

Are You Affected?

On April 30th, version 5.2 was released, patching this vulnerability. If any of your websites use an older version, they’re vulnerable.

The bug can be exploited in two steps:

First, the attacker needs to store a malicious shell command in the wp_db_exclude_table option using an arbitrary option update vulnerability. Once this is done, the shell command saved on the site will be executed whenever the plugin creates a new database backup.

The attacker gains access to the server either by waiting for an administrator to manually create a backup or, if the Auto-Backup functionality is enabled, by waiting until the next run occurs.

Indicator of Compromise

If you see requests to either /wp-admin/admin-ajax.php?page=wp-database-backup or /wp-admin/admin-post.php?page=wp-database-backup, your site may have already been targeted by hackers.

Attacks in the Wild

We are not aware of attacks targeting this specific vulnerability yet. We will keep an eye open for those.

Update as Soon as Possible

If you’re using a vulnerable version of this plugin, update as soon as possible. If you cannot do this, we strongly recommend leveraging the Sucuri website firewall or equivalent technology to have the vulnerability patched virtually.

 


Categories: Vulnerability Disclosure, WordPress Security

Tags: Hacked Websites, WordPress Plugins and Themes

About Marc-Alexandre Montpas

Marc-Alexandre Montpas is Sucuri’s Senior Security Analyst who joined the company in 2014. Marc’s main responsibilities include reversing security patches and scavenging vulnerabilities, old and new. His professional experience covers eight years of finding bugs in open-source software. When Marc isn’t breaking things, you might find him participating in a hacking CTF competition. Connect with him on Twitter.
