Lucene search

[email protected]CVE-2014-2531

HistoryOct 21, 2014 - 4:55 p.m.

CVE-2014-2531

2014-10-2116:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-2531

sql injection vulnerability

interworx web control panel

interworx hosting control panel

interworx-cp

remote authenticated users

nvd

7.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

38.3%

JSON

SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the “or” key in a pgn8state object in an i object in a JSON object.

CPENameOperatorVersion
interworx:web_control_panelinterworx web control panelle5.0.13

CPE	Name	Operator	Version
interworx:web_control_panel	interworx web control panel	le	5.0.13

References

forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21

www.exploit-db.com/exploits/32516

www.securityfocus.com/archive/1/531601/100/0/threaded

7.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

38.3%

JSON

Related for CVE-2014-2531

prion1 seebug1 securityvulns2 packetstorm1 cvelist1 zdt1 exploitpack1 exploitdb1