Wordpress CM Download Manager Remote Code Injection (CVE-2014-8877) Vulnerability Scanner

Details
Asset Type: DOMAIN,IP
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimate Time (Second): 15

Wordpress CM Download Manager Remote Code Injection (CVE-2014-8877) Vulnerability Scanner Detail

A successful attack could allow an anonymous attacker to gain full control of the application and to use any operating system functions that are available to the scripting environment.

The script exploits a remote code injection vulnerability (CVE-2014-8877) in the WordPress CM Download Manager plugin. Versions <= 2.0.0 are known to be affected.

The CM Download Manager plugin does not correctly sanitise user input, which allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/. The parameter value is processed by the PHP 'create_function' function.

The script injects the PHP system() function into the vulnerable target in order to execute a specified shell command.

Some Advice for Common Problems

Update the WordPress CM Download Manager Plugin to the latest version.
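To check whether a site was probed before the update, the web server access log can be searched for requests to cmdownloads/ whose CMDsearch value looks like PHP code rather than a search term. The following is an added example, not part of the scanner or the plugin; it assumes combined-format access logs with the parameter in the query string, and the function names, token list and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# PHP function calls that have no place in a download search term.
PHP_CALL = re.compile(
    r"\b(system|exec|shell_exec|passthru|popen|proc_open|eval|assert|"
    r"create_function|phpinfo)\s*\(", re.I)
# Characters typical of code; one alone (e.g. an apostrophe) is not flagged.
PHP_META = set("();${}`\"'\\")
# Request field of a combined-format log line: "METHOD URI PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def score_cmdsearch(value):
    """Return the reasons a decoded CMDsearch value looks like PHP code."""
    reasons = []
    call = PHP_CALL.search(value)
    if call:
        reasons.append("php-call:" + call.group(1).lower())
    meta = sorted(PHP_META & set(value))
    if len(meta) >= 2:
        reasons.append("metachars:" + "".join(meta))
    return reasons

def scan(lines):
    """Return (line_number, client_ip, reasons) for suspicious requests."""
    hits = []
    for number, line in enumerate(lines, 1):
        request = REQUEST.search(line)
        if not request:
            continue
        url = urlsplit(request.group(1))
        if "cmdownloads" not in url.path.lower():
            continue
        # parse_qs URL-decodes the values. POST bodies are not in access
        # logs, so a parameter sent in a body is invisible to this check.
        for value in parse_qs(url.query, keep_blank_values=True).get("CMDsearch", []):
            reasons = score_cmdsearch(value)
            if reasons:
                hits.append((number, line.split(" ", 1)[0], reasons))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [10/Dec/2014:10:00:01 +0000] "GET /cmdownloads/?CMDsearch=annual+report HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Dec/2014:10:00:05 +0000] "GET /cmdownloads/?CMDsearch=system%28CONSTRUCTED_SAMPLE%29 HTTP/1.1" 200 4800',
    '198.51.100.7 - - [10/Dec/2014:10:00:09 +0000] "GET /blog/?s=system%28x%29 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit shows that a request was made, not that code ran; whether it succeeded depends on the plugin version installed at the time.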
