CVE-2014-8948

Exploit

EPSS 0.96%
Veröffentlicht 16.11.2014 11:59:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

iMember360 3.8.0.12 - 3.9.001 - Cross-Site Request Forgery

Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter.  NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands.

Mögliche Gegenmaßnahme

iMember360is: Update to version 3.9.001, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt iMember360is

Version [3.8.012, 3.9.001)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Imember360 ≫ Imember360 Version3.8.012 SwPlatformwordpress

Imember360 ≫ Imember360 Version3.8.013 SwPlatformwordpress

Imember360 ≫ Imember360 Version3.8.014 SwPlatformwordpress

Imember360 ≫ Imember360 Version3.9.000 SwPlatformwordpress

Imember360 ≫ Imember360 Version3.9.001 SwPlatformwordpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.96%	0.746

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html

Exploit

http://seclists.org/fulldisclosure/2014/Apr/265

Exploit

http://secunia.com/advisories/58094

http://www.exploit-db.com/exploits/33076

Exploit

http://osvdb.org/show/osvdb/106301

https://www.wordfence.com/threat-intel/vulnerabilities/id/c1621cd2-78d3-4429-862a-b425f5436f38

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-8948

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-8948

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-8948

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-8948