CVE-2014-1137
Published 2015-01-02
CVE-2014-1137: SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the…
Severity: High (7.5, CVSS 3.1)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codiad | codiad | — | — |
| installatron | gatequest_file_manager | — | — |
GHSA
GHSA-g8hh-vx96-cp8q: Cross-site scripting (XSS) vulnerability in components/filemanager/dialog
ghsa_unreviewed · 2022-05-17 · CVSS 7.5 · CVE-2014-9582 [HIGH] · CWE-79
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
GHSA
GHSA-pcxg-9mqj-2f8c: Directory traversal vulnerability in components/filemanager/download
ghsa_unreviewed · 2022-05-17 · CVSS 7.5 · CVE-2014-9581 [HIGH] · CWE-22
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
GHSA
GHSA-rgqg-rv88-c9g3: SQL injection vulnerability in incl/create
ghsa_unreviewed · 2022-05-17 · CVSS 7.5 · CVE-2014-9445 [HIGH] · CWE-89
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
No detection rules found.
Exploit-DB
GQ File Manager 0.2.5 - Multiple Vulnerabilities
exploitdb · 2014-12-19 · CVSS 7.5 · CVE-2014-9445 [HIGH]
---
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
# Exploit Title: GQ File Manager - SQL Injection - Cross Site Scripting Vulnerabilities
# Date: 19/12/2014
# Url Vendor: http://installatron.com/phpfilemanager
# Vendor Name: GQ File Manager
# Version: 0.2.5
# CVE: CVE-2014-1137
# Author: TaurusOmar
# Twitter: @TaurusOmar_
# Email: [email protected]
# Home: overhat.blogspot.com
# Tested On: Bugtraq Optimus
# Risk: High
Description
GQ File Manager is a lightweight file manager that enables files to be uploaded to and downloaded from a server directory. GQ File Manager is great for creating and maintaining a simple cloud-based repository of files that can be accessed from anywhere on the Internet.
+ CROSS SITE SCRIPTING
Exploit-DB
Codiad 2.4.3 - Multiple Vulnerabilities
exploitdb · 2014-12-19 · CVSS 7.5 · CVE-2014-9582 [HIGH]
---
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
# Exploit Title: Codiad 2.4.3 - Cross Site Scripting - Local File Inclusion Vulnerabilities
# Date: 19/12/2014
# Url Vendor: http://codiad.com/
# Vendor Name: Codiad
# Version: 2.4.3
# CVE: CVE-2014-1137
# Author: TaurusOmar
# Twitter: @TaurusOmar_
# Email: [email protected]
# Home: overhat.blogspot.com
# Tested On: Bugtraq Optimus
# Risk: High
Description
Codiad is a web-based IDE framework with a small footprint and minimal requirements.
Codiad was built with simplicity in mind, allowing for fast, interactive development without the massive overhead of some of the larger desktop editors. That being said, even users of IDEs such as Eclipse, NetBeans and Aptana are finding Cod
No writeups or analysis indexed.
References
- http://www.exploit-db.com/exploits/35584
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99365
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99366