History: Apr 25, 2014 - 8:55 p.m.

CVE-2014-2996

2014-04-25 20:55:00
CWE-94
web.nvd.nist.gov
cve-2014-2996
xcloner
standalone
arbitrary command execution
remote attackers

AI Score: 7.2 High (Confidence: Low)
CVSS2: 7.1 High
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
EPSS: 0.005 Low (Percentile: 76.4%)

XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579.

CPE              Name     Operator  Version
xcloner:xcloner  xcloner  le        3.5
