Status2k
by Status2k
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-5091 | Cri | 0.68 | 9.8 | 0.15 | Feb 7, 2020 | A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. | ||
| CVE-2014-5093 | Cri | 0.67 | 9.8 | 0.04 | Jan 10, 2020 | Status2k does not remove the install directory allowing credential reset. | ||
| CVE-2014-5092 | Hig | 0.61 | 8.8 | 0.07 | Jan 10, 2020 | Status2k allows Remote Command Execution in admin/options/editpl.php. | ||
| CVE-2014-5094 | 0.03 | — | 0.06 | Oct 20, 2014 | Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function. | |||
| CVE-2014-5090 | 0.03 | — | 0.03 | Aug 6, 2014 | admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel. | |||
| CVE-2014-5089 | 0.03 | — | 0.01 | Aug 6, 2014 | SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | |||
| CVE-2014-5088 | 0.03 | — | 0.01 | Aug 6, 2014 | Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php. |
- risk 0.68cvss 9.8epss 0.15
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
- risk 0.67cvss 9.8epss 0.04
Status2k does not remove the install directory allowing credential reset.
- risk 0.61cvss 8.8epss 0.07
Status2k allows Remote Command Execution in admin/options/editpl.php.
- CVE-2014-5094Oct 20, 2014risk 0.03cvss —epss 0.06
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
- CVE-2014-5090Aug 6, 2014risk 0.03cvss —epss 0.03
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
- CVE-2014-5089Aug 6, 2014risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
- CVE-2014-5088Aug 6, 2014risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.