Back to search
CVE-2014-9445
Published: Jan 2, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
gqfilemanager-index-sql-injection(99366)
vdb-entry
x_refsource_XF
35584
exploit
x_refsource_EXPLOIT-DB
gqfilemanager-editinc-xss(99365)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now