CVE-2014-9445

Name of the Vulnerable Software and Affected Versions Installatron GQ File Manager version 0.2.5

Description The issue allows remote attackers to execute arbitrary SQL commands via the create parameter to "index.php". This can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error.

Recommendations For Installatron GQ File Manager version 0.2.5, consider restricting access to the create parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the create parameter to minimize the risk of exploitation.