Lucene search

[email protected]NVD:CVE-2014-8949

HistoryNov 16, 2014 - 11:59 a.m.

CVE-2014-8949

2014-11-1611:59:05

CWE-94

[email protected]

web.nvd.nist.gov

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.1%

JSON

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.

Affected configurations

NVD

Node

imember360imember360Match3.8.012wordpress

imember360imember360Match3.8.013wordpress

imember360imember360Match3.8.014wordpress

imember360imember360Match3.9.000wordpress

imember360imember360Match3.9.001wordpress

References

osvdb.org/show/osvdb/106301

packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html

seclists.org/fulldisclosure/2014/Apr/265

secunia.com/advisories/58094

www.exploit-db.com/exploits/33076

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.1%

JSON

Related for NVD:CVE-2014-8949

cve2 prion2 cvelist2 nvd1 patchstack1 wpvulndb1