Lucene search
Rrdw1337DAY-ID-22870HistoryNov 13, 2014 - 12:00 a.m.
PHPMemcachedAdmin 1.2.2 Remote Code Execution Vulnerability
2014-11-1300:00:00
rrdw
0day.today
121
0.019 Low
EPSS
Percentile
87.1%
PHPMemcachedAdmin versions 1.2.2 and below suffer from a remote code execution vulnerability.
CVE-2014-8731
CVSSv2 Vector:
[AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C]
CVSSv2 Base Score=10.0
CVSSv2 Temp Score=9.5
OWASP Top 10 classification: A1 - Injection
PHPMemcachedAdmin is a web-based frontend for Linux's memcached Daemon.
Project Homepage:
https://code.google.com/p/phpmemcacheadmin/
Download Site:
http://blog.elijaa.org/index.php?pages/phpMemcachedAdmin-Download
PHPMemcachedAdmin stores data in the server's filesystem.
Part of the serialized data and the last part of the concatenated filename may be specified by the user, which can lead to remote code execution e.g. if a php script is created and placed within the webserver's document root.
All versions prior and including the current version 1.2.2 are affected as far as we know.
# 0day.today [2018-03-05] #Related
prion
prion
Code injection
2017-03-23 17:59:00
securityvulns
securityvulns
CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2
2014-12-01 00:00:00
cve
cve
CVE-2014-8731
2017-03-23 17:59:00
cvelist
cvelist
CVE-2014-8731
2017-03-23 17:00:00