mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-11 16:47:12 +02:00
0xMarcio
847 B
847 B
CVE-2014-8877
Description
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.