CVE-2014-8731
published 2017-03-23CVE-2014-8731: PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the…
PriorityP259critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
11.76%
95.5th percentile
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpmemcachedadmin_project | phpmemcachedadmin | <= 1.2.2 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability involves user-controlled serialized data being used to construct a filename, resulting in a PHP script being written into the webserver's document root. Monitor for unexpected PHP file creation within the webroot directory of PHPMemcachedAdmin deployments. ↗
- →All versions of PHPMemcachedAdmin up to and including 1.2.2 are affected. Presence of this version in a web-accessible location should be treated as a high-risk indicator. ↗
- →The attack vector involves serialized data and filename concatenation. Inspect HTTP requests to PHPMemcachedAdmin endpoints for serialized PHP payloads or path traversal patterns in parameters that influence filenames. ↗
- ·Upstream is no longer maintaining the project and no patch has been released. The package was retired from Fedora/EPEL repositories. There is no fixed version to upgrade to; the only remediation is removal. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-8731 phpMemcachedAdmin: remote code execution flaw [fedora-all]
bugzilla·2014-11-13·CVSS 9.8
CVE-2014-8731 [CRITICAL] CVE-2014-8731 phpMemcachedAdmin: remote code execution flaw [fedora-all]
CVE-2014-8731 phpMemcachedAdmin: remote code execution flaw [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedor
Bugzilla
CVE-2014-8731 phpMemcachedAdmin: remote code execution flaw [epel-6]
bugzilla·2014-11-13·CVSS 9.8
CVE-2014-8731 [CRITICAL] CVE-2014-8731 phpMemcachedAdmin: remote code execution flaw [epel-6]
CVE-2014-8731 phpMemcachedAdmin: remote code execution flaw [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-6 tracking bug for phpMemcachedAdmin: see blocks bug li
Bugzilla
CVE-2014-8731 phpMemcachedAdmin: remote code execution flaw
bugzilla·2014-11-13·CVSS 9.8
CVE-2014-8731 [CRITICAL] CVE-2014-8731 phpMemcachedAdmin: remote code execution flaw
CVE-2014-8731 phpMemcachedAdmin: remote code execution flaw
It was reported [1] that PHPMemcachedAdmin, a web-based frontend for Linux's memcached Daemon, is vulnerable to a remote code execution flaw:
PHPMemcachedAdmin stores data in the server's filesystem. Part of the serialized data and the last part of the concatenated filename may be specified by the user, which can lead to remote code execution e.g. if a php script is created and placed within the webserver's document root.
All versions prior and including the current version 1.2.2 are affected as far as we know.
Upstream has been contacted about this issue and a patch is being worked on [2].
[1] http://seclists.org/bugtraq/2014/Nov/71
[2] http://seclists.org/bugtraq/2014/Nov/76
Discussion:
Created phpMemcachedAdmin tracking
http://packetstormsecurity.com/files/129089/PHPMemcachedAdmin-1.2.2-Remote-Code-Execution.htmlhttp://www.securityfocus.com/archive/1/533968/100/0/threadedhttp://www.securityfocus.com/archive/1/533980/100/0/threadedhttp://www.securityfocus.com/bid/71059https://exchange.xforce.ibmcloud.com/vulnerabilities/98638http://packetstormsecurity.com/files/129089/PHPMemcachedAdmin-1.2.2-Remote-Code-Execution.htmlhttp://www.securityfocus.com/archive/1/533968/100/0/threadedhttp://www.securityfocus.com/archive/1/533980/100/0/threadedhttp://www.securityfocus.com/bid/71059https://exchange.xforce.ibmcloud.com/vulnerabilities/98638
2017-03-23
Published