The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin prior to 2.0.4 for WordPress allows remote malicious users to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
creative minds cm download manager |
||
creative minds cm download manager 2.0.2 |
||
creative minds cm download manager 2.0.1 |
||
creative minds cm download manager 2.0.0 |