Vulnerabilities > CVE-2014-8731 - Deserialization of Untrusted Data vulnerability in PHPmemcachedadmin Project PHPmemcachedadmin 1.2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/129089/PHPMemcachedAdmin-1.2.2-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/129089/PHPMemcachedAdmin-1.2.2-Remote-Code-Execution.html
- http://www.securityfocus.com/archive/1/533968/100/0/threaded
- http://www.securityfocus.com/archive/1/533968/100/0/threaded
- http://www.securityfocus.com/archive/1/533980/100/0/threaded
- http://www.securityfocus.com/archive/1/533980/100/0/threaded
- http://www.securityfocus.com/bid/71059
- http://www.securityfocus.com/bid/71059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98638
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98638