CVE-2014-9185
Morfy CMS < 1.04 - Authenticated Static Code Injection via install.php site_url Parameter
Title source: llmDescription
Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter.
References (5)
Core 5
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Dec/70
Exploit x_refsource_misc
http://www.vulnerability-lab.com/get_content.php?id=1367
Issue Tracking x_refsource_misc
https://github.com/Awilum/monstra-cms/issues/351
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534271/100/0/threaded
Exploit x_refsource_misc
http://packetstormsecurity.com/files/129624/Morfy-CMS-1.05-Remote-Command-Execution.html
Scores
EPSS
0.0212
EPSS Percentile
79.6%
Details
CWE
CWE-94
Status
published
Products (1)
morfy_cms_project/morfy_cms
< 1.04
Published
Dec 19, 2014
Tracked Since
Feb 18, 2026