CVE-2014-9095

Raritan Power IQ <4.2.1 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.

Exploits (1)

exploitdb WORKING POC

by Brandon Perry · rubywebappslinux

https://www.exploit-db.com/exploits/34130

View Code ZIP pw:eip

References (4)

[Exploit] http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html

[Exploit] http://seclists.org/fulldisclosure/2014/Jul/79

[Third Party Advisory] http://secunia.com/advisories/60138

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/68722

Scores

EPSS 0.0198

EPSS Percentile 83.6%

Details

CWE

CWE-89

Status published

Products (2)

raritan/power_iq 4.1.0

raritan/power_iq 4.2.1

Published Nov 26, 2014

Tracked Since Feb 18, 2026