CVE-2014-8877

2014-12-05T13:59:00
ID CVE-2014-8877
Type cve
Reporter NVD
Modified 2018-10-09T15:54:50

Description

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.