CVE-2014-3210
Booking System < 1.3 - Authenticated SQL Injection via booking_form_id Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-3210. PoCs published by maodun.
AI-analyzed exploit summary
The provided text describes an SQL injection vulnerability in the Search Everything plugin for WordPress, specifically affecting versions prior to Booking System (Booking Calendar) 1.3. The vulnerability arises from insufficient input sanitization, allowing attackers to manipulate SQL queries via the 'booking_form_id' parameter.
Description
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
Exploits (1)
The provided text describes an SQL injection vulnerability in the Search Everything plugin for WordPress, specifically affecting versions prior to Booking System (Booking Calendar) 1.3. The vulnerability arises from insufficient input sanitization, allowing attackers to manipulate SQL queries via the 'booking_form_id' parameter.