CVE-2014-5092

HIGH

status2k - Remote Command Execution via admin/options/editpl.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5092.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Status2k software, including XSS, SQLi, command injection, RCE via eval() backdoor, template manipulation, and information leaks. It provides specific code snippets, attack vectors, and PoC examples for each CVE.

Description

Status2k allows Remote Command Execution in admin/options/editpl.php.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/34239

This is a detailed technical writeup describing multiple vulnerabilities in Status2k software, including XSS, SQLi, command injection, RCE via eval() backdoor, template manipulation, and information leaks. It provides specific code snippets, attack vectors, and PoC examples for each CVE.

Classification
Writeup 90%
Attack Type
Rce | Sqli | Xss | Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Status2k (all versions)
No auth needed
Prerequisites: Network access to the target application · For some exploits, admin panel access is required
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References

Scores

CVSS v3 8.8
EPSS 0.0711
EPSS Percentile 93.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
status2k/status2k
Published Jan 10, 2020
Tracked Since Feb 18, 2026