CVE-2014-2996

Name of the Vulnerable Software and Affected Versions XCloner Standalone versions 3.5 and earlier

Description The issue allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup comp parameter in a generate action to "index2.php". It is unclear whether this issue crosses privilege boundaries, as administrators may already have the privileges to execute code. This can be leveraged by remote attackers.

Recommendations For XCloner Standalone versions 3.5 and earlier, consider disabling the dbbackup comp parameter in the generate action to "index2.php" as a temporary workaround until a patch is available. Restrict access to the index2.php file to minimize the risk of exploitation. Avoid using the dbbackup comp parameter in the affected API endpoint until the issue is resolved.