Skip to main content

Mx Smartimer CVE-2014-5440

HIGH
SQL Injection (CWE-89)
2014-09-12 cve@mitre.org
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Sep 12, 2014 - 14:55 cve.org
HIGH 7.5

DescriptionCVE.org

SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter.

AnalysisAI

SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter. Affected products include: Mpexsolutions Mx-Smartimer. Version information: before 13.19.18.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

Share

CVE-2014-5440 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy