CVE-2014-5090 Information

Description

admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.

Reference

http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html