cbcvebase.
CVE-2014-2996
published 2014-04-25

CVE-2014-2996: XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via…

PriorityP351high7.1CVSS 2.0
AVNACHAuSCCICAC
EXPLOIT
EPSS
10.19%
95.1th percentile
XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579.

Affected

1 ranges
VendorProductVersion rangeFixed in
xclonerxcloner<= 3.5
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.