655
VMScore

CVE-2014-5090

Published: 06/08/2014 Updated: 07/08/2014
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.

Affected Products

Vendor Product Versions
Status2kStatus2k-

Exploits

# Exploit Title: Status2k Multiple Vulnerabilities/0days # Date: 6/20/2014 # Exploit Author: Shayan Sadigh (twittercom/r1pplex) | <ienjoyripples@gmailcom # Vendor Homepage: status2kcom/ # Version: All # Tested on: Linux/Windows # CVE : CVE-2014-5088, CVE-2014-5089, CVE-2014-5090, CVE-2014-5091, CVE-2014-5092, CVE-2014-5093, CVE-2014-5 ...

Mailing Lists

Status2k server monitoring software suffers from cross site scripting, remote command execution, information disclosure, and remote SQL injection vulnerabilities ...