CVE-2014-8877 Scanner
Detects 'Code Injection' vulnerability in CreativeMinds CM Downloads Manager plugin for Wordpress affects v. before 2.0.4.
Short Info
Level
Critical
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Domain, Ipv4
Parent Category
CVE-2014-8877 Scanner Detail
The CreativeMinds CM Downloads Manager plugin is a WordPress plugin that helps users manage downloads on their website. This plugin allows users to upload and share files with their audience. It is used by users who want to share files such as documents, images, and videos with their website visitors. The CreativeMinds CM Downloads Manager plugin is a popular option for bloggers, content creators, and businesses who want to provide downloads for their audience.
One of the vulnerabilities found in the CreativeMinds CM Downloads Manager plugin is CVE-2014-8877. This vulnerability occurs due to the alterSearchQuery function in lib/controllers/CmdownloadController.php. This function allows attackers to execute arbitrary PHP code through the CMDsearch parameter to cmdownloads/. The PHP create_function function processes this parameter.
When this vulnerability is exploited, attackers can execute malicious code on the website without the website owner's knowledge. This can lead to serious consequences such as stealing user data, defacing the website, using the website for malicious activities, and more. The exploitation of this vulnerability can result in a loss of credibility and trust in the website, which can negatively impact the website's reputation and success.
Thanks to the pro features of the securityforeveryone.com platform, website owners can easily and quickly learn about vulnerabilities in their digital assets. With this platform, users can scan their websites for vulnerabilities and receive detailed reports on discovered vulnerabilities. This allows website owners to take action quickly and protect their websites from potential attacks. By using this platform, website owners can ensure the security of their digital assets and protect themselves from potential attacks.
REFERENCES
- https://downloadsmanager.cminds.com/release-notes/
- http://packetstormsecurity.com/files/129183/WordPress-CM-Download-Manager-2.0.0-Code-Injection.html
- securityfocus.com: 71204
- securityfocus.com: 20141120 CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin
- http://www.itas.vn/news/code-injection-in-cm-download-manager-plugin-66.html
control security posture