Custom Content Type Manager <= 0.9.8.5 - Remote Code Execution



Description
CCTM plugin can be used by an administrator to achieve arbitrary PHP remote code execution.

Affects Plugin

fixed in version 0.9.8.6

References

CVE 2015-3173
URL https://www.nettitude.co.uk/custom-content-type-manager-remote-code-execution/

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Submitter Iain Wallace
Submitter Website http://strawp.net
Submitter Twitter strawp
Views 308
Verified No
WPVDB ID 8077

Timeline

Publicly Published 2015-05-21 (over 3 years ago)
Added 2015-07-06 (about 3 years ago)
Last Updated 2015-07-06 (about 3 years ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.