Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9445

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9445
Last Modified 06 Apr 2015 12:55:14
Published 02 Jan 2015 03:59:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9445

Summary

SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.

Vulnerable Systems

Application

  • Installatron Gatequest File Manager 0.2.5

  • Installatron Gq File Manager 0.2.5


References

XF - gqfilemanager-index-sql-injection(99366)

XF - gqfilemanager-editinc-xss(99365)

EXPLOIT-DB - 35584


Last Updated: 27 May 2016 11:08:18