WordPress CM Download Manager Plugin Remote PHP Code Execution Vulnerability Network Vulnerability

Summary

The CM Download Manager for WordPress is prone to remote PHP-code execution vulnerability

Impact

An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server. This may lead to a full compromise of the affected application or aid in further attacks.

Solution

Updates are available.

Insight

The application fails to properly validate user-supplied input

Affected

CM Download Manager 2.0.0 and prior are vulnerable.

Detection

Send a special crafted HTTP GET request and check the reponse

References

http://www.securityfocus.com/bid/71204

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8877
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ASP Inline Corporate Calendar SQL injection
AdPeeps 'index.php' Multiple Vulnerabilities.
Artmedic Kleinanzeigen File Inclusion Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
ARRIS 2307 Unprotected Web Console

Take action and discover your vulnerabilities