CVE-2014-2579

Published: 25/04/2014 | Updated: 09/10/2018
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 765
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner WordPress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.

Vulnerable Product

xcloner xcloner

Exploits

Advisory ID: HTB23207
Product: XCloner Standalone
Vendor: XCloner
Vulnerable Version(s): 35 and probably prior
Tested Version: 35
Advisory Publication: March 14, 2014 [without technical details]
Vendor Notification: March 14, 2014
Public Disclosure: April 9, 2014
Vulnerability Type: Cross-Site Request Forgery [CWE-352]
CVE Reference: CVE-2014 ...

XCloner Standalone version 35 suffers from a cross-site request forgery vulnerability ...