CVE-2014-9445CVE-2014-9445

Affected configuration(s):

cpe:/a:installatron:gatequest_file_manager:0.2.5

Date published: 2015-01-02T15:59:03.647-05:00

Date last modified: 2017-09-07T21:29:34.917-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://www.exploit-db.com/exploits/35584

Summary: SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.