CVE-2014-5094

status2k - Unauthenticated Sensitive Information Exposure via phpinfo Action

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5094. PoCs published by Shayan S.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in Status2k software, including XSS, SQLi, command injection, RCE via eval() backdoor, template manipulation, design flaws, and information leaks. It provides PoC examples and CVE assignments for each issue.

Description

Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.

Exploits (1)

exploitdb WRITEUP
by Shayan S · textwebappsphp
https://www.exploit-db.com/exploits/34239

This is a detailed writeup describing multiple vulnerabilities in Status2k software, including XSS, SQLi, command injection, RCE via eval() backdoor, template manipulation, design flaws, and information leaks. It provides PoC examples and CVE assignments for each issue.

Classification
Writeup 90%
Attack Type
Rce | Sqli | Xss | Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Status2k (all versions)
No auth needed
Prerequisites: Network access to the target application · For some exploits, admin panel access is required
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95114

Scores

EPSS 0.0554
EPSS Percentile 91.8%

Details

CWE
CWE-200
Status published
Products (1)
status2k/status2k
Published Oct 20, 2014
Tracked Since Feb 18, 2026