CVE Tools
Sign in

CVE-2014-2579

Published: Apr 25, 2014Updated: May 6, 2026 Sources: CVE List NVDCWE-352
NVD MITRE
7.6CVSSHIGH
EPSS Score
6.2%
Top 7.4%
CISA KEV
Not in KEV
Exploits
1 Known
Remediation
No Fix Available
Am I actually vulnerable?2 Nuclei templates available — see how to check your systems. How to verify

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.

CVSS Vector Breakdown

AV:NAC:HAu:NC:CI:CA:C
Exploitability
AV:NAccess Vector
Network
AC:HAccess Complexity
High
Au:NAuthentication
None
Impact
C:CConfidentiality
Complete
I:CIntegrity
Complete
A:CAvailability
Complete
Open in CVSS calculator →

Weaknesses

CWE-352

Affected Products

n/an/a
xclonerxcloner
On-prem
Consumer Software / file-utility
xclonercommercialConsumer Softwareaka xcloner

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

1 exploit source identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details

MITRE ATT&CK

1 technique
Initial Access
View detailed technique mapping

References

https://www.htbridge.com/advisory/HTB23207
htbridge.com
http://www.exploit-db.com/exploits/32790
exploit-db.com
http://www.securityfocus.com/bid/66751
securityfocus.com
and 1 more references View all →

Timeline

Published
Apr 25, 2014
Last Updated
May 6, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2014-2579 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows