How severe is CVE-2014-2579?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2014-2579?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2014-2579 - HIGH Severity | CVSS 7.6

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.

Related Vulnerabilities

CVE-2017-5145

CRITICAL

CVSS:10.0(Critical)

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulne...

CWE-3522017

CVE-2019-3809

CRITICAL

CVSS:10.0(Critical)

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Bad...

CWE-3522019

CVE-2025-23922

CRITICAL

CVSS:10.0(Critical)

Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through 1.0.

CWE-3522025

CVE-2025-32642

CRITICAL

CVSS:10.0(Critical)

Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7.

CWE-3522025

CVE-2018-1712

CRITICAL

CVSS:9.9(Critical)

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentia...

CWE-3522018

CVE-2016-9866

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4...

CWE-3522016