Vulnerability Details CVE-2014-3848
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.206
EPSS Ranking 95.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html
- http://releases.imember360.com/
- http://seclists.org/fulldisclosure/2014/Apr/265
- http://www.exploit-db.com/exploits/33076
- http://www.osvdb.org/106298
- http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html
- http://releases.imember360.com/
- http://seclists.org/fulldisclosure/2014/Apr/265
- http://www.exploit-db.com/exploits/33076
- http://www.osvdb.org/106298
Products affected by CVE-2014-3848
-
cpe:2.3:a:imember360:imember360:3.4.013
-
cpe:2.3:a:imember360:imember360:3.4.014
-
cpe:2.3:a:imember360:imember360:3.4.015
-
cpe:2.3:a:imember360:imember360:3.4.016
-
cpe:2.3:a:imember360:imember360:3.4.017
-
cpe:2.3:a:imember360:imember360:3.4.018
-
cpe:2.3:a:imember360:imember360:3.5.000
-
cpe:2.3:a:imember360:imember360:3.5.001
-
cpe:2.3:a:imember360:imember360:3.5.002
-
cpe:2.3:a:imember360:imember360:3.5.003
-
cpe:2.3:a:imember360:imember360:3.5.004
-
cpe:2.3:a:imember360:imember360:3.5.005
-
cpe:2.3:a:imember360:imember360:3.5.006
-
cpe:2.3:a:imember360:imember360:3.5.007
-
cpe:2.3:a:imember360:imember360:3.5.008
-
cpe:2.3:a:imember360:imember360:3.5.009
-
cpe:2.3:a:imember360:imember360:3.5.010
-
cpe:2.3:a:imember360:imember360:3.5.011
-
cpe:2.3:a:imember360:imember360:3.5.012
-
cpe:2.3:a:imember360:imember360:3.5.013
-
cpe:2.3:a:imember360:imember360:3.5.014
-
cpe:2.3:a:imember360:imember360:3.5.015
-
cpe:2.3:a:imember360:imember360:3.5.016
-
cpe:2.3:a:imember360:imember360:3.6.000
-
cpe:2.3:a:imember360:imember360:3.6.001
-
cpe:2.3:a:imember360:imember360:3.6.002
-
cpe:2.3:a:imember360:imember360:3.6.003
-
cpe:2.3:a:imember360:imember360:3.6.004
-
cpe:2.3:a:imember360:imember360:3.6.005
-
cpe:2.3:a:imember360:imember360:3.6.006
-
cpe:2.3:a:imember360:imember360:3.6.007
-
cpe:2.3:a:imember360:imember360:3.6.008
-
cpe:2.3:a:imember360:imember360:3.7.001
-
cpe:2.3:a:imember360:imember360:3.7.002
-
cpe:2.3:a:imember360:imember360:3.7.003
-
cpe:2.3:a:imember360:imember360:3.7.004
-
cpe:2.3:a:imember360:imember360:3.7.005
-
cpe:2.3:a:imember360:imember360:3.7.006
-
cpe:2.3:a:imember360:imember360:3.7.007
-
cpe:2.3:a:imember360:imember360:3.7.008
-
cpe:2.3:a:imember360:imember360:3.8.000
-
cpe:2.3:a:imember360:imember360:3.8.001
-
cpe:2.3:a:imember360:imember360:3.8.002
-
cpe:2.3:a:imember360:imember360:3.8.003
-
cpe:2.3:a:imember360:imember360:3.8.004
-
cpe:2.3:a:imember360:imember360:3.8.005
-
cpe:2.3:a:imember360:imember360:3.8.006
-
cpe:2.3:a:imember360:imember360:3.8.007
-
cpe:2.3:a:imember360:imember360:3.8.008
-
cpe:2.3:a:imember360:imember360:3.8.009
-
cpe:2.3:a:imember360:imember360:3.8.010
-
cpe:2.3:a:imember360:imember360:3.8.011
-
cpe:2.3:a:imember360:imember360:3.8.012
-
cpe:2.3:a:imember360:imember360:3.8.013
-
cpe:2.3:a:imember360:imember360:3.8.014
-
cpe:2.3:a:imember360:imember360:3.9.000