CVE-2014-2265
Published 2014-03-14
Priority P4 · 34 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 3.06% (85.9th percentile)
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rocklobster | contact_form_7 | <= 3.7.1 | — |
| rocklobster | contact_form_7 | — | — |
| rocklobster | contact_form_7 | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat · 8.3 · HIGH
GHSA
GHSA-vp6f-3h5q-wv8h: Rock Lobster Contact Form 7 before 3
ghsa_unreviewed·2022-05-17
CVE-2014-2265 [MEDIUM] GHSA-vp6f-3h5q-wv8h: Rock Lobster Contact Form 7 before 3
Red Hat
cups-filters: remote command execution in remove_bad_chars() (incomplete fix for CVE-2014-2707)
vendor_redhat·2015-02-26·CVSS 8.3
CVE-2015-2265 [HIGH] CWE-78 cups-filters: remote command execution in remove_bad_chars() (incomplete fix for CVE-2014-2707)
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
Statement: Not vulnerable. This issue did not affect the versions of cups-filters as shipped with Red Hat Enterprise Linux 7.
Package: cups-filters (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
No public exploits indexed.
http://contactform7.com/2014/02/26/contact-form-7-372/
http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/
http://wordpress.org/plugins/contact-form-7/changelog
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/
https://www.cvedetails.com/cve/CVE-2014-2265/
Published: 2014-03-14