CVE-2014-5470

CRITICAL

Actual Analyzer <2014-08-29 - Code Injection

Title source: llm

Description

Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.

Exploits (2)

metasploit WORKING POC EXCELLENT
by Benjamin Harris, bcoles · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · unix
https://www.exploit-db.com/exploits/35549

Scores

CVSS v3 9.8
EPSS 0.7805
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-77
Status draft

Timeline

Published Jun 21, 2024
Tracked Since Feb 18, 2026