Lucene search

[email protected]CVE-2014-9445

HistoryJan 02, 2015 - 8:59 p.m.

CVE-2014-9445

2015-01-0220:59:03

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

installatron gq file manager

remote attack

arbitrary commands

xss

cross-site scripting

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

JSON

SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.

Affected configurations

NVD

Node

installatrongatequest_file_managerMatch0.2.5

CPENameOperatorVersion
installatron:gatequest_file_managerinstallatron gatequest file managereq0.2.5

CPE	Name	Operator	Version
installatron:gatequest_file_manager	installatron gatequest file manager	eq	0.2.5

References

www.exploit-db.com/exploits/35584

exchange.xforce.ibmcloud.com/vulnerabilities/99365

exchange.xforce.ibmcloud.com/vulnerabilities/99366

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

JSON

Related for CVE-2014-9445

cvelist4 nvd4 prion4 cve3 zdt2 exploitpack2 packetstorm2 exploitdb2