Summary
The CM Download Manager plugin for WordPress is prone to a remote PHP code execution vulnerability.
Impact
An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server. This may lead to a full compromise of the affected application or aid in further attacks.
Solution
Updates are available.
Insight
The application fails to properly validate user-supplied input.
Affected
CM Download Manager 2.0.0 and prior are vulnerable.
Detection
Send a specially crafted HTTP GET request and check the response.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-8877
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
- Apple Safari RSS Feed Information Disclosure Vulnerability
- Athena Web Registration remote command execution flaw
- ApPHP MicroBlog Remote Code Execution Vulnerability
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities