CVE-2014-8949

2014-11-1611:59:05

CWE-94

mitre

web.nvd.nist.gov

cve-2014-8949

wordpress

plugin

remote code execution

shell metacharacters

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.017

Percentile

88.2%

JSON

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.

Affected configurations

Nvd

Node

imember360imember360Match3.8.012wordpress

imember360imember360Match3.8.013wordpress

imember360imember360Match3.8.014wordpress

imember360imember360Match3.9.000wordpress

imember360imember360Match3.9.001wordpress

VendorProductVersionCPE
imember360imember3603.8.012cpe:2.3:a:imember360:imember360:3.8.012:*:*:*:*:wordpress:*:*
imember360imember3603.8.013cpe:2.3:a:imember360:imember360:3.8.013:*:*:*:*:wordpress:*:*
imember360imember3603.8.014cpe:2.3:a:imember360:imember360:3.8.014:*:*:*:*:wordpress:*:*
imember360imember3603.9.000cpe:2.3:a:imember360:imember360:3.9.000:*:*:*:*:wordpress:*:*
imember360imember3603.9.001cpe:2.3:a:imember360:imember360:3.9.001:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
imember360	imember360	3.8.012	cpe:2.3:a:imember360:imember360:3.8.012:::::wordpress::
imember360	imember360	3.8.013	cpe:2.3:a:imember360:imember360:3.8.013:::::wordpress::
imember360	imember360	3.8.014	cpe:2.3:a:imember360:imember360:3.8.014:::::wordpress::
imember360	imember360	3.9.000	cpe:2.3:a:imember360:imember360:3.9.000:::::wordpress::
imember360	imember360	3.9.001	cpe:2.3:a:imember360:imember360:3.9.001:::::wordpress::