Unrated severityNVD Advisory· Published Oct 10, 2014· Updated May 6, 2026

CVE-2014-5297

Description

The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

x2community.com/topic/1804-important-security-patch/nvdPatch
karmainsecurity.com/KIS-2014-09nvdExploit
packetstormsecurity.com/files/128352/X2Engine-4.1.7-PHP-Object-Injection.htmlnvdExploit
seclists.org/fulldisclosure/2014/Sep/77nvdExploit
www.securityfocus.com/archive/1/533513/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000