Published: 06/08/2014 Updated: 21/11/2024

SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
status2k status2k -

# Exploit Title: Status2k Multiple Vulnerabilities/0days # Date: 6/20/2014 # Exploit Author: Shayan Sadigh (twittercom/r1pplex) | <ienjoyripples@gmailcom # Vendor Homepage: status2kcom/ # Version: All # Tested on: Linux/Windows # CVE : CVE-2014-5088, CVE-2014-5089, CVE-2014-5090, CVE-2014-5091, CVE-2014-5092, CVE-2014-5093, CVE-2014-5 ...

Status2k server monitoring software suffers from cross site scripting, remote command execution, information disclosure, and remote SQL injection vulnerabilities ...

CWE-89 https://nvd.nist.gov https://www.exploit-db.com/exploits/34239/https://www.first.org/epss http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-5089

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect