6.5 - CVE-2014-2531

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2014-2531	First vendor Publication	2014-10-21
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score	6.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	8	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2531

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-89	Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Interworx Web Control Panel cpe:2.3:a:interworx:web_control_panel:5.0.12:::::::* cpe:2.3:a:interworx:web_control_panel:5.0.11:::::::* cpe:2.3:a:interworx:web_control_panel:5.0.10:::::::* cpe:2.3:a:interworx:web_control_panel:5.0:::::::* cpe:2.3:a:interworx:web_control_panel:3.0.2:::::::*	5

ExploitDB Exploits

id	Description
2014-03-26	InterWorx Control Panel 5.0.13 build 574 (xhr.php, i param) - SQL Injection

Sources (Detail)

http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on...

Source	Url
BUGTRAQ	http://www.securityfocus.com/archive/1/531601/100/0/threaded
EXPLOIT-DB	http://www.exploit-db.com/exploits/32516

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-11-07 21:45:14	Multiple Updates
2021-05-04 12:31:00	Multiple Updates
2021-04-22 01:37:33	Multiple Updates
2020-05-23 01:51:43	Multiple Updates
2020-05-23 00:40:35	Multiple Updates
2018-10-10 00:19:49	Multiple Updates
2018-08-14 00:19:31	Multiple Updates
2016-04-27 00:35:55	Multiple Updates
2014-10-24 21:23:33	Multiple Updates
2014-10-24 13:26:19	Multiple Updates
2014-10-23 05:31:41	Multiple Updates
2014-10-21 21:24:46	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	5
Sources(s)	3
ExploitDB Exploit(s)	1

6.5 - CVE-2014-2531

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

ExploitDB Exploits

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU