CVE-2014-8731
CRITICALphpmemcachedadmin < 1.2.2 - Remote Code Execution via Serialized Data Filename Injection
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-8731. PoCs published by sbani.
AI-analyzed exploit summary This PoC exploits CVE-2014-8731 in PHPMemcachedAdmin by leveraging path traversal and arbitrary file write to achieve remote code execution. It crafts a malicious cluster configuration to drop a PHP shell and execute arbitrary commands.
Description
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot.
Exploits (1)
This PoC exploits CVE-2014-8731 in PHPMemcachedAdmin by leveraging path traversal and arbitrary file write to achieve remote code execution. It crafts a malicious cluster configuration to drop a PHP shell and execute arbitrary commands.
References (5)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H