CVE-2014-2008

mpay24 < 1.6 - SQL Injection via TID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2008. PoCs published by Wireghoul.

AI-analyzed exploit summary The document describes two vulnerabilities in the Mpay24 PrestaShop Payment Module: a blind SQL injection (CVE-2014-2008) and an information disclosure issue (CVE-2014-2009). The SQL injection allows database extraction via crafted requests, while the information disclosure exposes API credentials and local paths through an accessible log file.

Description

SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.

Exploits (1)

exploitdb WRITEUP

by Wireghoul · textwebappsphp

https://www.exploit-db.com/exploits/34586

View Code ZIP pw:eip

The document describes two vulnerabilities in the Mpay24 PrestaShop Payment Module: a blind SQL injection (CVE-2014-2008) and an information disclosure issue (CVE-2014-2009). The SQL injection allows database extraction via crafted requests, while the information disclosure exposes API credentials and local paths through an accessible log file.

Classification

Writeup 100%

Attack Type

Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Mpay24 Payment Module for PrestaShop 1.5 and earlier

No auth needed

Prerequisites: Mpay24 module installed on PrestaShop · For info_leak: debug mode enabled (default until version 1.6)

MITRE ATT&CK

T1189 - Drive-by Compromise T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit, Patch x_refsource_misc

http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html

Exploit, Patch exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/34586

Exploit, Patch mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Sep/23

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/110737

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/95720

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69560

Scores

EPSS 0.0264

EPSS Percentile 83.6%

Details

CWE

CWE-89

Status published

Products (12)

mpay24_project/mpay24 1.4.0

mpay24_project/mpay24 1.4.1

mpay24_project/mpay24 1.4.2

mpay24_project/mpay24 1.4.3

mpay24_project/mpay24 1.4.4

mpay24_project/mpay24 1.4.5

mpay24_project/mpay24 1.4.6

mpay24_project/mpay24 1.4.7

mpay24_project/mpay24 1.4.8

mpay24_project/mpay24 1.4.9

... and 2 more

Published Sep 12, 2014

Tracked Since Feb 18, 2026