MidnightBSD

Advisories for creative_minds

CVE-2014-8877 HIGH

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
creative_minds cm_download_manager 2.0.1
creative_minds cm_download_manager 2.0.2
creative_minds cm_download_manager 2.0.0
creative_minds cm_download_manager *