Code Injection Vulnerability in CM Downloads Manager Plugin for WordPress
CVE-2014-8877

Currently unrated

Key Information:

Vendor

Wordpress
Status
Cm Download Manager
Vendor
CVE Published:
5 December 2014

What is CVE-2014-8877?

The CM Downloads Manager plugin for WordPress has a vulnerability in the alterSearchQuery function located in lib/controllers/CmdownloadController.php. This flaw allows remote attackers to execute arbitrary PHP code by exploiting the CMDsearch parameter in cmdownloads/. The vulnerability arises from the use of the PHP create_function function, which permits unauthorized code execution, posing a significant risk to affected installations.

References

https://downloadsmanager.cminds.com/release-notes/
x_refsource_CONFIRM
http://packetstormsecurity.com/files/129183/WordPress-CM-...
x_refsource_MISC
http://www.securityfocus.com/bid/71204
vdb-entryx_refsource_BID

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.