Vulnerabilities > Status2K > Status2K
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-07 | CVE-2014-5091 | Improper Input Validation vulnerability in Status2K A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. | 10.0 |
2020-01-10 | CVE-2014-5093 | Insufficiently Protected Credentials vulnerability in Status2K Status2k does not remove the install directory allowing credential reset. | 5.0 |
2020-01-10 | CVE-2014-5092 | Improper Input Validation vulnerability in Status2K Status2k allows Remote Command Execution in admin/options/editpl.php. | 6.5 |
2014-10-20 | CVE-2014-5094 | Information Exposure vulnerability in Status2K Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function. | 5.0 |
2014-08-06 | CVE-2014-5090 | Code Injection vulnerability in Status2K admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel. | 6.5 |
2014-08-06 | CVE-2014-5089 | SQL Injection vulnerability in Status2K SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | 7.5 |
2014-08-06 | CVE-2014-5088 | Cross-Site Scripting vulnerability in Status2K Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php. | 4.3 |