CVE-2007-2766

lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh.

Published: May 19, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2766
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
backup_manager / backup_manager	-	0.7.5.x

http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=146
http://osvdb.org/34780
http://www.backup-manager.org/pipermail/backup-manager-commits/2007-January/000212.html
http://www.vupen.com/english/advisories/2007/2412
http://www2.backup-manager.org/Release076
https://exchange.xforce.ibmcloud.com/vulnerabilities/34489

Vulnerability Database

290,301

CVE-2007-2766