Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2996

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2014-2996
Last Modified 28 Apr 2014 08:03:04
Published 25 Apr 2014 04:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2014-2996

Summary

XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579.

Vulnerable Systems

Application

  • Xcloner 3.5


References

MISC - https://www.htbridge.com/advisory/HTB23207

BUGTRAQ - 20140409 Сross-Site Request Forgery (CSRF) in XCloner Standalone

EXPLOIT-DB - 32790


Last Updated: 27 May 2016 11:05:06