CVE-2014-5090

Status2k - Code Injection

Title source: rule

Description

admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/34239

View Code ZIP pw:eip

References (1)

[Exploit] http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html

Scores

EPSS 0.0610

EPSS Percentile 90.8%

Details

CWE

CWE-94

Status published

Products (1)

status2k/status2k

Published Aug 06, 2014

Tracked Since Feb 18, 2026