Published: 07/02/2020 Updated: 11/02/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
status2k status2k

# Exploit Title: Status2k Multiple Vulnerabilities/0days # Date: 6/20/2014 # Exploit Author: Shayan Sadigh (twittercom/r1pplex) | <ienjoyripples@gmailcom # Vendor Homepage: status2kcom/ # Version: All # Tested on: Linux/Windows # CVE : CVE-2014-5088, CVE-2014-5089, CVE-2014-5090, CVE-2014-5091, CVE-2014-5092, CVE-2014-5093, CVE-2014-5 ...

Status2k server monitoring software suffers from cross site scripting, remote command execution, information disclosure, and remote SQL injection vulnerabilities ...

CWE-20 http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html https://exchange.xforce.ibmcloud.com/vulnerabilities/95111 http://www.exploit-db.com/exploits/34239 https://www.securityfocus.com/bid/69008 https://nvd.nist.gov https://www.exploit-db.com/exploits/34239/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-5091

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect