Exploitation Summary
EIP tracks 2 public exploits for CVE-2014-2934. PoCs published by Thomas Fischer.
AI-analyzed exploit summary
This exploit demonstrates a SQL injection vulnerability in Caldera's printers.php page. The PoC uses a UNION-based SQLi to extract data, leveraging unsanitized input in the 'tr' parameter.
Description
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
Exploits (2)
This exploit demonstrates a SQL injection vulnerability in Caldera's printers.php page. The PoC uses a UNION-based SQLi to extract data, leveraging unsanitized input in the 'tr' parameter.
This exploit demonstrates a SQL injection vulnerability in Caldera's 'jobs.php' endpoint, allowing an attacker to extract sensitive data (e.g., admin password) via a UNION-based attack. The PoC provides a direct URL with a malicious SQL query.