CVE-2014-8877

Currently unrated

Key Information:

Vendor: Wordpress
Status: Cm Download Manager
Vendor: CVE Published:; 5 December 2014

Summary

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.

References

https://downloadsmanager.cminds.com/release-notes/

x_refsource_CONFIRM

http://packetstormsecurity.com/files/129183/WordPress-CM-...

x_refsource_MISC

http://www.securityfocus.com/bid/71204

vdb-entryx_refsource_BID

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 5, 2014
Vulnerability Reserved
Nov 14, 2014