CVE-2014-5093

CRITICAL

status2k - Insufficiently Protected Credentials via Unremoved Install Directory

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5093.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Status2k software, including XSS, SQLi, command injection, RCE via eval() backdoor, template manipulation, design flaws, and information leaks. It provides specific code snippets, attack vectors, and proof-of-concept examples for each CVE.

Description

Status2k does not remove the install directory allowing credential reset.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/34239

This is a detailed technical writeup describing multiple vulnerabilities in Status2k software, including XSS, SQLi, command injection, RCE via eval() backdoor, template manipulation, design flaws, and information leaks. It provides specific code snippets, attack vectors, and proof-of-concept examples for each CVE.

Classification
Writeup 95%
Attack Type
Rce | Sqli | Xss | Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Status2k (all versions)
No auth needed
Prerequisites: Network access to the target application · For some exploits, admin panel access is required
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References

Scores

CVSS v3 9.8
EPSS 0.0380
EPSS Percentile 88.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (1)
status2k/status2k
Published Jan 10, 2020
Tracked Since Feb 18, 2026