CVE-2014-9119

NUCLEI

DB Backup plugin <4.5 - Path Traversal

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9119. PoCs published by Ashiyane Digital Security Team. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates a file download vulnerability in the WordPress db-backup plugin, allowing unauthorized access to arbitrary files on the server via a direct request to the download.php script with a manipulated file parameter.

Description

Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ashiyane Digital Security Team · text · webapps · php
https://www.exploit-db.com/exploits/35378

Classification: Working Poc 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress db-backup plugin (version not specified)
No auth needed
Prerequisites: Target must have the vulnerable plugin installed and accessible
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WordPress DB Backup <=4.5 - Local File Inclusion
MEDIUM · by dhiyaneshDK

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99368
Exploit mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q4/1059

Scores

EPSS 0.5113
EPSS Percentile 97.9%

Details

CWE: CWE-22
Status: published
Products (1): db_backup_project/db_backup < 4.5
Published: Dec 31, 2014
Tracked Since: Feb 18, 2026