Summary
The CM Download Manager plugin for WordPress is prone to a remote PHP code execution vulnerability.
Impact
An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server. This may lead to a full compromise of the affected application or aid in further attacks.
Solution
Updates are available.
Insight
The application fails to properly validate user-supplied input.
Affected
CM Download Manager 2.0.0 and prior are vulnerable.
Detection
Send a specially crafted HTTP GET request and check the response.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-8877
CVSS Base Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- b2Evolution title SQL Injection
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- 'research_display.php' SQL Injection Vulnerability
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability