← back
CVE-2014-2531

CVE-2014-2531

EPSS 1.1%
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/32516unverifiedexploitdbwww.exploit-db.com/exploits/32516unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21http://www.exploit-db.com/exploits/32516http://www.securityfocus.com/archive/1/531601/100/0/threaded