Vulnerabilities > CVE-2014-8731 - Deserialization of Untrusted Data vulnerability in PHPmemcachedadmin Project PHPmemcachedadmin 1.2.2

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

phpmemcachedadmin-project

CWE-502

critical

NVD

Published: 2017-03-23

Updated: 2018-10-09

Summary

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot.

Vulnerable Configurations

Part	Description	Count
Application	Phpmemcachedadmin_Project Phpmemcachedadmin Project Phpmemcachedadmin 1.2.2	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

http://www.securityfocus.com/bid/71059
http://packetstormsecurity.com/files/129089/PHPMemcachedAdmin-1.2.2-Remote-Code-Execution.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/98638
http://www.securityfocus.com/archive/1/533980/100/0/threaded
http://www.securityfocus.com/archive/1/533968/100/0/threaded