CVE-2014-8877
published 2014-12-05CVE-2014-8877: The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows…
PriorityP269critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
14.80%
96.3th percentile
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| creative_minds | cm_download_manager | <= 2.0.3 | — |
| creative_minds | cm_download_manager | — | — |
| creative_minds | cm_download_manager | — | — |
| creative_minds | cm_download_manager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor GET requests to the cmdownloads/ endpoint for the CMDsearch parameter containing PHP function call patterns (e.g., quote-dot-function-dot-quote sequences such as ".phpinfo().") indicative of create_function injection. ↗
- →Alert on unauthenticated (anonymous) GET requests targeting /cmdownloads/ with a CMDsearch parameter, as exploitation requires no authentication. ↗
- →Use the Google dork 'inurl:cmdownloads' to identify exposed WordPress instances running the vulnerable CM Download Manager plugin. ↗
- →Inspect the vulnerable code path at line 130–158 of CmdownloadController.php for unsanitized use of $_GET['CMDsearch'] passed directly into PHP's create_function(), enabling arbitrary code execution. ↗
- ·The vulnerability affects CM Download Manager versions 2.0.0 and earlier; version 2.0.4 contains the patch. Detection rules should be scoped to installations running versions prior to 2.0.4. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/129183/WordPress-CM-Download-Manager-2.0.0-Code-Injection.htmlhttp://www.itas.vn/news/code-injection-in-cm-download-manager-plugin-66.htmlhttp://www.securityfocus.com/archive/1/534037/100/0/threadedhttp://www.securityfocus.com/bid/71204https://downloadsmanager.cminds.com/release-notes/http://packetstormsecurity.com/files/129183/WordPress-CM-Download-Manager-2.0.0-Code-Injection.htmlhttp://www.itas.vn/news/code-injection-in-cm-download-manager-plugin-66.htmlhttp://www.securityfocus.com/archive/1/534037/100/0/threadedhttp://www.securityfocus.com/bid/71204https://downloadsmanager.cminds.com/release-notes/
2014-12-05
Published