Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-3961. PoCs published by Yarubo Research Team.
AI-analyzed exploit summary
This exploit demonstrates an unauthenticated SQL injection vulnerability in Participants Database for WordPress <= 1.5.4.8. The 'export CSV' action allows arbitrary SQL execution via the 'query' parameter, enabling an attacker to create an admin user or perform other malicious database operations.
Description
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.