CVE-2014-2303

webEdition CMS <6.3.8-s1 - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2303. PoCs published by RedTeam Pentesting GmbH.

AI-analyzed exploit summary: The provided text describes an SQL injection vulnerability in webEdition CMS versions 6.3.3.0 through 6.3.8.0. It indicates that the application fails to sanitize user input, allowing attackers to manipulate SQL queries via the 'what' parameter in the 'we_fs.php' file.

Description

Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by RedTeam Pentesting GmbH · text · webapps · php
https://www.exploit-db.com/exploits/39206

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: webEdition CMS 6.3.3.0 through 6.3.8.0 svn6985
No auth needed
Prerequisites: Access to the vulnerable webEdition CMS instance
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0257
EPSS Percentile 83.1%

Details

CWE: CWE-89
Status published
Products (3)
webedition/webedition_cms 6.2.7.0
webedition/webedition_cms 6.3.3.0
webedition/webedition_cms 6.3.8.0
Published Jun 13, 2014
Tracked Since Feb 18, 2026