1 results (0.002 seconds)
CVSS: 10.0EPSS: 37%CPEs: 4EXPL: 3
CVSS: 10.0EPSS: 37%CPEs: 4EXPL: 3CVE-2014-8877 – CM Download Manager <= 2.0.3 - Code Injection
https://notcve.org/view.php?id=CVE-2014-8877
10 Nov 2014 — The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. La función alterSearchQuery en lib/controllers/CmdownloadController.php en el plugin CreativeMinds CM Downloads Manager anterior a 2.0.4 para WordPress permite a atacantes remotos ejecutar código PHP arbitra... • https://packetstorm.news/files/id/129183 • CWE-94: Improper Control of Generation of Code ('Code Injection') •