CVE-2014-8877

CreativeMinds CM Downloads Manager <2.0.4 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8877. PoCs published by Phi Ngoc Le.

AI-analyzed exploit summary: This exploit demonstrates a code injection vulnerability in the WordPress CM Download Manager plugin (version 2.0.0 and earlier). The vulnerability allows an unauthenticated attacker to inject arbitrary PHP code via the 'CMDsearch' parameter, leading to remote code execution (RCE).

Description

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.

Exploits (1)

exploitdb WORKING POC
by Phi Ngoc Le · text · webapps · php
https://www.exploit-db.com/exploits/35324

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress CM Download Manager plugin <= 2.0.0
No auth needed
Prerequisites: Target must have the vulnerable plugin installed and activated
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Various Sources · x_refsource_confirm
https://downloadsmanager.cminds.com/release-notes/
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/71204
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534037/100/0/threaded

Scores

EPSS 0.1480
EPSS Percentile 96.3%

Details

CWE CWE-94
Status published
Products (4)
creative_minds/cm_download_manager 2.0.0
creative_minds/cm_download_manager 2.0.1
creative_minds/cm_download_manager 2.0.2
creative_minds/cm_download_manager < 2.0.3
Published Dec 05, 2014
Tracked Since Feb 18, 2026