Published: 20/10/2014 Updated: 21/11/2024

Status2k allows remote malicious users to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
status2k status2k -

# Exploit Title: Status2k Multiple Vulnerabilities/0days # Date: 6/20/2014 # Exploit Author: Shayan Sadigh (twittercom/r1pplex) | <ienjoyripples@gmailcom # Vendor Homepage: status2kcom/ # Version: All # Tested on: Linux/Windows # CVE : CVE-2014-5088, CVE-2014-5089, CVE-2014-5090, CVE-2014-5091, CVE-2014-5092, CVE-2014-5093, CVE-2014-5 ...

Status2k server monitoring software suffers from cross site scripting, remote command execution, information disclosure, and remote SQL injection vulnerabilities ...

CWE-200 https://nvd.nist.gov https://www.exploit-db.com/exploits/34239/https://www.first.org/epss http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html https://exchange.xforce.ibmcloud.com/vulnerabilities/95114 http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html https://exchange.xforce.ibmcloud.com/vulnerabilities/95114

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-5094

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect