Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-8877
HistoryDec 05, 2014 - 6:59 p.m.

CVE-2014-8877

2014-12-0518:59:00
CWE-94
[email protected]
web.nvd.nist.gov
34
cve-2014-8877
wordpress
creativeminds
downloads manager
remote code execution
security vulnerability

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.461 Medium

EPSS

Percentile

97.4%

JSON

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.

Related

wpexploit 1
patchstack 1
zdt 1
wpvulndb 1
securityvulns 2
exploitpack 1
cvelist 1
openvas 1
checkpoint_advisories 1
prion 1
packetstorm 1
exploitdb 1
nmap 1
wpexploit
wpexploit
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
2014-11-20 00:00:00
patchstack
patchstack
WordPress CM Download Manager Plugin 2.0.0 - Code Injection
2014-11-22 00:00:00
zdt
zdt
WordPress CM Download Manager 2.0.0 Code Injection Vulnerability
2014-11-20 00:00:00
wpvulndb
wpvulndb
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
2014-11-20 00:00:00
securityvulns
securityvulns
CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin
2014-12-01 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-12-01 00:00:00
exploitpack
exploitpack
WordPress Plugin CM Download Manager 2.0.0 - Code Injection
2014-11-22 00:00:00
cvelist
cvelist
CVE-2014-8877
2014-12-05 18:00:00
openvas
openvas
WordPress CM Download Manager Plugin Remote PHP Code Execution Vulnerability
2014-11-21 00:00:00
checkpoint_advisories
checkpoint_advisories
WordPress CM Download Manager Code Injection (CVE-2014-8877)
2017-01-30 00:00:00
prion
prion
Code injection
2014-12-05 18:59:00
packetstorm
packetstorm
WordPress CM Download Manager 2.0.0 Code Injection
2014-11-20 00:00:00
exploitdb
exploitdb
WordPress Plugin CM Download Manager 2.0.0 - Code Injection
2014-11-22 00:00:00
nmap
nmap
http-vuln-cve2014-8877 NSE Script
2015-11-11 17:02:28

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.461 Medium

EPSS

Percentile

97.4%

JSON
Related for CVE-2014-8877
wpexploit1patchstack1zdt1wpvulndb1securityvulns2exploitpack1cvelist1openvas1checkpoint_advisories1prion1packetstorm1exploitdb1nmap1