← back
CVE-2014-2996

CVE-2014-2996

EPSS 10.2%
XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/32790unverifiedexploitdbwww.exploit-db.com/exploits/32790unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.htbridge.com/advisory/HTB23207http://www.exploit-db.com/exploits/32790http://www.securityfocus.com/archive/1/531780/100/0/threaded