Custom Content Type Manager <= 0.9.8.5 - Remote Code Execution



Description
CCTM plugin can be used by an administrator to achieve arbitrary PHP remote code execution.

Affects Plugin

fixed in version 0.9.8.6
- plugin closed

References

CVE 2015-3173
URL https://blog.nettitude.com/uk/custom-content-type-manager-remote-code-execution

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Submitter Iain Wallace
Submitter Website http://strawp.net
Submitter Twitter strawp
Views 4358
Verified No
WPVDB ID 8077

Timeline

Publicly Published 2015-05-21 (about 5 years ago)
Added 2015-07-06 (about 5 years ago)
Last Updated 2019-10-31 (9 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin