CVE-2014-3848

Imember360 < 3.9.000 - Access Control

Title source: rule

Description

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.

Exploits (1)

exploitdb WRITEUP

by Everett Griffiths · textwebappsphp

https://www.exploit-db.com/exploits/33076

View Code ZIP pw:eip

References (5)

Core 5

Core References

Exploit x_refsource_misc

http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/33076

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/106298

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Apr/265

Various Sources x_refsource_confirm

http://releases.imember360.com/

Scores

EPSS 0.1533

EPSS Percentile 94.7%

Details

CWE

CWE-264

Status published

Products (1)

imember360/imember360 < 3.9.000

Published May 23, 2014

Tracked Since Feb 18, 2026