SQL Injection Vulnerability in CP Multi View Event Calendar Plugin for WordPress
CVE-2014-8586

Currently unrated

Key Information:

Vendor

Wordpress
Status
Cp Multi View Event Calendar
Vendor
CVE Published:
4 November 2014

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 78%

What is CVE-2014-8586?

An SQL injection vulnerability exists in version 1.01 of the CP Multi View Event Calendar plugin for WordPress. This flaw permits remote attackers to inject arbitrary SQL commands via the 'calid' parameter, potentially leading to unauthorized access to database information. The exploit can compromise sensitive data and may allow malicious users to manipulate the database. Users are urged to update their plugin and follow best security practices to mitigate potential risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2014-8586 - Proof of Concept

References

http://www.securityfocus.com/bid/70718
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/97766
vdb-entryx_refsource_XF
http://osvdb.org/show/osvdb/113670
vdb-entryx_refsource_OSVDB

EPSS Score

78% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.