CVE-2014-9185

Morfy CMS < 1.04 - Authenticated Static Code Injection via install.php site_url Parameter

Title source: llm
STIX 2.1

Description

Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter.

References (5)

Core 5
Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Dec/70
Issue Tracking x_refsource_misc
https://github.com/Awilum/monstra-cms/issues/351
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534271/100/0/threaded

Scores

EPSS 0.0212
EPSS Percentile 79.6%

Details

CWE
CWE-94
Status published
Products (1)
morfy_cms_project/morfy_cms < 1.04
Published Dec 19, 2014
Tracked Since Feb 18, 2026