CVE-2014-2996

Published: 25/04/2014 Updated: 09/10/2018
CVSS v2 Base Score: 7.1 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 715
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Summary

XCloner Standalone 3.5 and previous versions, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579.

Vulnerable Product

xcloner xcloner

Exploits

Advisory ID: HTB23207
Product: XCloner Standalone
Vendor: XCloner
Vulnerable Version(s): 35 and probably prior
Tested Version: 35
Advisory Publication: March 14, 2014 [without technical details]
Vendor Notification: March 14, 2014
Public Disclosure: April 9, 2014
Vulnerability Type: Cross-Site Request Forgery [CWE-352]
CVE Reference: CVE-2014 ...