exploitDog

GHSA-p937-9x7h-c2gp

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

Описание

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.

Ссылки

EPSS

Процентиль: 97%

0.30124

Средний

CVE ID

Дефекты

CWE-94

Связанные уязвимости

CVE-2014-8877

nvd

около 11 лет назад

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.

EPSS

Процентиль: 97%

0.30124

Средний

CVE ID

Дефекты

CWE-94