Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-8877
HistoryDec 05, 2014 - 6:59 p.m.

CVE-2014-8877

2014-12-0518:59:00
CWE-94
[email protected]
web.nvd.nist.gov
34
cve-2014-8877
wordpress
creativeminds
downloads manager
remote code execution
security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.6 High

AI Score

Confidence

High

0.461 Medium

EPSS

Percentile

97.4%

JSON

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.

Affected configurations

NVD
Node
creative_mindscm_download_managerRange2.0.3wordpress
OR
creative_mindscm_download_managerMatch2.0.0wordpress
OR
creative_mindscm_download_managerMatch2.0.1wordpress
OR
creative_mindscm_download_managerMatch2.0.2wordpress

Related

wpexploit 1
patchstack 1
zdt 1
wpvulndb 1
packetstorm 1
prion 1
openvas 1
exploitpack 1
cvelist 1
nvd 1
securityvulns 2
checkpoint_advisories 1
exploitdb 1
nmap 1
wpexploit
wpexploit
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
2014-11-20 00:00:00
patchstack
patchstack
WordPress CM Download Manager Plugin 2.0.0 - Code Injection
2014-11-22 00:00:00
zdt
zdt
WordPress CM Download Manager 2.0.0 Code Injection Vulnerability
2014-11-20 00:00:00
wpvulndb
wpvulndb
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
2014-11-20 00:00:00
packetstorm
packetstorm
WordPress CM Download Manager 2.0.0 Code Injection
2014-11-20 00:00:00
prion
prion
Code injection
2014-12-05 18:59:00
openvas
openvas
WordPress CM Download Manager Plugin Remote PHP Code Execution Vulnerability
2014-11-21 00:00:00
exploitpack
exploitpack
WordPress Plugin CM Download Manager 2.0.0 - Code Injection
2014-11-22 00:00:00
cvelist
cvelist
CVE-2014-8877
2014-12-05 18:00:00
nvd
nvd
CVE-2014-8877
2014-12-05 18:59:00
securityvulns
securityvulns
CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin
2014-12-01 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-12-01 00:00:00
checkpoint_advisories
checkpoint_advisories
WordPress CM Download Manager Code Injection (CVE-2014-8877)
2017-01-30 00:00:00
exploitdb
exploitdb
WordPress Plugin CM Download Manager 2.0.0 - Code Injection
2014-11-22 00:00:00
nmap
nmap
http-vuln-cve2014-8877 NSE Script
2015-11-11 17:02:28

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.6 High

AI Score

Confidence

High

0.461 Medium

EPSS

Percentile

97.4%

JSON
Related for CVE-2014-8877
wpexploit1patchstack1zdt1wpvulndb1packetstorm1prion1openvas1exploitpack1cvelist1nvd1securityvulns2checkpoint_advisories1exploitdb1nmap1