6
CVE-2014-8949
- EPSS 10.42%
- Veröffentlicht 16.11.2014 11:59:05
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginiMember360 3.8.012 - 3.9.001 - Remote Code Execution
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.
Mögliche Gegenmaßnahme
iMember360is: Update to version 3.9.002, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
iMember360is
Version
3.8.012-3.9.001
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Imember360 ≫ Imember360 Version3.8.012 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.8.013 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.8.014 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.9.000 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.9.001 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.42% | 0.929 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.