CVE-2014-8731

CRITICAL

PHPMemcachedAdmin <1.2.2 - RCE

Title source: llm

Description

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot.

Exploits (1)

nomisec WORKING POC

by sbani · poc

https://github.com/sbani/CVE-2014-8731-PoC

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/129089/PHPMemcachedAdmin-1.2.2-Remote-Code-Execution.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/71059

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/98638

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/533968/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/533980/100/0/threaded

Scores

CVSS v3 9.8

EPSS 0.4714

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status draft

Affected Products (1)

phpmemcachedadmin_project/phpmemcachedadmin < 1.2.2

Timeline

Published Mar 23, 2017

Tracked Since Feb 18, 2026