← volver
CVE-2014-8948

CVE-2014-8948

EPSS 3.7%
Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands.
Productos afectados
n/a · n/a
PoCs públicas encontradas3
cve_referencepacketstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.htmlno verificadocve_referencewww.exploit-db.com/exploits/33076no verificadoexploitdbwww.exploit-db.com/exploits/33076no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://osvdb.org/show/osvdb/106301http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2014/Apr/265http://secunia.com/advisories/58094http://www.exploit-db.com/exploits/33076