CVE-2014-3757

phpmanufaktur kitform < 0.43 - SQL Injection via sorter_value Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3757. PoCs published by chapp.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in phpManufaktur kitForm <= 0.43 via the 'sorter_value' parameter in sorter.php. The PoC sends a malicious POST request with a SQL injection payload to extract database content.

Description

SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.

Exploits (1)

exploitdb WORKING POC
by chapp · textwebappsphp
https://www.exploit-db.com/exploits/32983

This exploit demonstrates a SQL injection vulnerability in phpManufaktur kitForm <= 0.43 via the 'sorter_value' parameter in sorter.php. The PoC sends a malicious POST request with a SQL injection payload to extract database content.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: phpManufaktur kitForm <= 0.43
No auth needed
Prerequisites: Target running vulnerable version of kitForm · Network access to the target
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67000
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/249

Scores

EPSS 0.0138
EPSS Percentile 68.8%

Details

CWE
CWE-89
Status published
Products (34)
phpmanufaktur/kitform 0.10
phpmanufaktur/kitform 0.11
phpmanufaktur/kitform 0.12
phpmanufaktur/kitform 0.13
phpmanufaktur/kitform 0.14
phpmanufaktur/kitform 0.15
phpmanufaktur/kitform 0.16
phpmanufaktur/kitform 0.17
phpmanufaktur/kitform 0.18
phpmanufaktur/kitform 0.19
... and 24 more
Published May 15, 2014
Tracked Since Feb 18, 2026