CVE-2014-10020

Tecorange Simple E-document - SQL Injection

Title source: rule

Description

SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Exploits (1)

exploitdb WORKING POC

by vinicius777 · textwebappsphp

https://www.exploit-db.com/exploits/31142

View Code ZIP pw:eip

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/90711

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/102458

Exploit x_refsource_misc

http://packetstormsecurity.com/files/124914

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/31142

Scores

EPSS 0.0096

EPSS Percentile 76.6%

Details

CWE

CWE-89

Status published

Products (1)

tecorange/simple_e-document 1.31

Published Jan 13, 2015

Tracked Since Feb 18, 2026