CVE-2014-2531
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
21/10/2014
Last modified:
12/04/2025
Description
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.
Impact
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:interworx:web_control_panel:*:*:*:*:*:*:*:* | 5.0.13 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21
- http://www.exploit-db.com/exploits/32516
- http://www.securityfocus.com/archive/1/531601/100/0/threaded
- http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21
- http://www.exploit-db.com/exploits/32516
- http://www.securityfocus.com/archive/1/531601/100/0/threaded