Code Injection Vulnerability in CM Downloads Manager Plugin for WordPress
CVE-2014-8877
Currently unrated
What is CVE-2014-8877?
The CM Downloads Manager plugin for WordPress has a vulnerability in the alterSearchQuery function located in lib/controllers/CmdownloadController.php. This flaw allows remote attackers to execute arbitrary PHP code by exploiting the CMDsearch parameter in cmdownloads/. The vulnerability arises from the use of the PHP create_function function, which permits unauthorized code execution, posing a significant risk to affected installations.