Описание
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:imember360:imember360:3.8.012:*:*:*:*:wordpress:*:*
cpe:2.3:a:imember360:imember360:3.8.013:*:*:*:*:wordpress:*:*
cpe:2.3:a:imember360:imember360:3.8.014:*:*:*:*:wordpress:*:*
cpe:2.3:a:imember360:imember360:3.9.000:*:*:*:*:wordpress:*:*
cpe:2.3:a:imember360:imember360:3.9.001:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 93%
0.10417
Средний
6 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
больше 3 лет назад
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.
EPSS
Процентиль: 93%
0.10417
Средний
6 Medium
CVSS2
Дефекты
CWE-94