[wp-trac] [WordPress Trac] #52544: Removing database tables allows anyone to take over all website files
WordPress Trac
noreply at wordpress.org
Tue Feb 23 14:44:41 UTC 2021
#52544: Removing database tables allows anyone to take over all website files
-----------------------------+------------------------------
Reporter: winternetstudio | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 5.6.1
Severity: major | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by apmarshall):
So I am just trying to think through the possible scenarios here. Here is
what I have:
1. Someone accidentally deletes the database AND a hacker happens to be
opportunistically lurking and leaps in to install their own site on your
build.
2. A hacker has mySQL permissions to delete the database and uses this as
a way to take over your install.
3. A malicious insider uses this vector to flush the site and make their
own.
In all three cases, the old site is effectively gone, right? Database
wiped, you/the hacker are starting from scratch.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52544#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list