CVE-2014-5089

status2k - Authenticated SQL Injection via log Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5089.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Status2k software, including XSS, SQLi, command injection, RCE via eval() backdoor, template manipulation, design flaws, and information leaks. It provides specific code snippets, attack vectors, and proof-of-concept examples for each CVE.

Description

SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/34239

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in Status2k software, including XSS, SQLi, command injection, RCE via eval() backdoor, template manipulation, design flaws, and information leaks. It provides specific code snippets, attack vectors, and proof-of-concept examples for each CVE.

Classification

Writeup 90%

Attack Type

Rce | Sqli | Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Status2k (all versions)

No auth needed

Prerequisites: Network access to the target application · For some exploits, admin panel access is required

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1055 - Process Injection

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit x_refsource_misc

http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html

Scores

EPSS 0.0123

EPSS Percentile 64.9%

Details

CWE

CWE-89

Status published

Products (1)

status2k/status2k

Published Aug 06, 2014

Tracked Since Feb 18, 2026