CVE-2014-9095

Raritan Power IQ <4.2.1 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9095. PoCs published by Brandon Perry.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated SQL injection vulnerability in Raritan PowerIQ to gain administrative access and potentially achieve remote command execution via NTP server manipulation. It includes functionality to extract and reset admin credentials, though RCE is not fully achieved in the provided code.

Description

Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.

Exploits (1)

exploitdb WORKING POC
by Brandon Perry · rubywebappslinux
https://www.exploit-db.com/exploits/34130

This Metasploit module exploits an unauthenticated SQL injection vulnerability in Raritan PowerIQ to gain administrative access and potentially achieve remote command execution via NTP server manipulation. It includes functionality to extract and reset admin credentials, though RCE is not fully achieved in the provided code.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Raritan PowerIQ v4.1.0
No auth needed
Prerequisites: Network access to the target · PostgreSQL backend
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60138
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/79
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68722

Scores

EPSS 0.0235
EPSS Percentile 81.4%

Details

CWE
CWE-89
Status published
Products (2)
raritan/power_iq 4.1.0
raritan/power_iq 4.2.1
Published Nov 26, 2014
Tracked Since Feb 18, 2026