CVE-2014-5111

NUCLEI

Fonality trixbox - Path Traversal via Lang Parameter

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2014-5111. PoCs published by AtT4CKxT3rR0r1ST. A Nuclei detection template is also available.

AI-analyzed exploit summary: The provided text describes multiple SQL injection and XSS vulnerabilities in ol-commerce 2.1.1, including a path traversal example for accessing /etc/passwd. However, it lacks actual exploit code or a proof-of-concept.

Description

Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.

Exploits (4)

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/39350

The provided text describes multiple SQL injection and XSS vulnerabilities in ol-commerce 2.1.1, including a path traversal example for accessing /etc/passwd. However, it lacks actual exploit code or a proof-of-concept.

Classification: Writeup 80%
Attack Type: Sqli | Xss | Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: ol-commerce 2.1.1
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/39348

The provided text describes SQL injection and XSS vulnerabilities in ol-commerce 2.1.1, including a path traversal example for LFI. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Classification: Writeup 80%
Attack Type: Sqli | Xss | Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: ol-commerce 2.1.1
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/39351

The provided text describes a directory traversal vulnerability in ol-commerce 2.1.1, allowing unauthorized access to sensitive files like /etc/passwd. It also mentions SQL injection and XSS vulnerabilities but lacks executable exploit code.

Classification: Writeup 80%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: ol-commerce 2.1.1
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/39349

The provided text describes a directory traversal vulnerability in ol-commerce 2.1.1, allowing an attacker to read arbitrary files (e.g., /etc/passwd) via a null-byte terminated path traversal in the 'lang' parameter. No actual exploit code is included, only a description and example URL.

Classification: Writeup 80%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ol-commerce 2.1.1
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Fonality trixbox - Local File Inclusion
MEDIUM · by daffainfo

Scores

EPSS 0.6772
EPSS Percentile 98.6%

Details

CWE: CWE-22
Status: published
Products (1): netfortris/trixbox
Published: Jul 28, 2014
Tracked Since: Feb 18, 2026