Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9185

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2014-9185
Last Modified 22 Dec 2014 09:42:25
Published 19 Dec 2014 10:59:15
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-9185

Summary

Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter.

Vulnerable Systems

Application

  • Morfy Cms Project Morfy Cms 1.04


References

MISC - https://github.com/Awilum/monstra-cms/issues/351

MISC - http://www.vulnerability-lab.com/get_content.php?id=1367

BUGTRAQ - 20141217 Morfy CMS v1.05 - Command Execution Vulnerability

MISC - http://packetstormsecurity.com/files/129624/Morfy-CMS-1.05-Remote-Command-Execution.html


Last Updated: 27 May 2016 11:07:20