CVE-2014-8949
published 2014-11-16
CVE-2014-8949: The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters…
Priority P3 · 49 · medium · 6 · CVSS 2.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS 7.51% · 93.7th percentile
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| imember360 | imember360 | — | — |
| imember360 | imember360 | — | — |
| imember360 | imember360 | — | — |
| imember360 | imember360 | — | — |
| imember360 | imember360 | — | — |
CVSS provenance
nvd · v2.0 · 6.0 MEDIUM · AV:N/AC:M/Au:S/C:P/I:P/A:P
osv · 9.8 CRITICAL
GHSA
GHSA-cc67-g2vp-78hq: The iMember360 plugin 3
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2014-8949 [MEDIUM] CWE-94 GHSA-cc67-g2vp-78hq: The iMember360 plugin 3
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.
OSV
libdbd-mysql-perl vulnerabilities
osv·2016-10-13·CVSS 9.8
CVE-2014-9906 libdbd-mysql-perl vulnerabilities
It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9906)

Hanno Böck discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8949)

Pali Rohár discovered that DBD::mysql incorrectly handled certain user supplied data. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1246)
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/106301
http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html
http://seclists.org/fulldisclosure/2014/Apr/265
http://secunia.com/advisories/58094
http://www.exploit-db.com/exploits/33076
Published: 2014-11-16