CVE-2014-2043

Procentia IntelliPen <1.1.18.1658 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2043. PoCs published by Portcullis.

AI-analyzed exploit summary The document describes a blind SQL injection vulnerability in Procentia IntelliPen version 1.1.12.1520, where the 'value' parameter in a specific URL is not sanitized, allowing authenticated attackers to exfiltrate database information. No exploit code is provided, only a detailed writeup.

Description

SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Portcullis · textwebappsasp
https://www.exploit-db.com/exploits/32212

The document describes a blind SQL injection vulnerability in Procentia IntelliPen version 1.1.12.1520, where the 'value' parameter in a specific URL is not sanitized, allowing authenticated attackers to exfiltrate database information. No exploit code is provided, only a detailed writeup.

Classification
Writeup 100%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Procentia IntelliPen 1.1.12.1520
Auth required
Prerequisites: Authenticated access to the application · Network access to the target URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Mar/103
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531426/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/32212

Scores

EPSS 0.0118
EPSS Percentile 63.6%

Details

CWE
CWE-89
Status published
Products (1)
procentia/intellipen < 1.1.12.1520
Published Mar 13, 2014
Tracked Since Feb 18, 2026