CVE-2014-3962

Videos Tube 1.0 - SQL Injection via URL Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3962. PoCs published by Mustafa ALTINKAYNAK.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in Videos Tube software version 1.0, specifically in the 'videocat.php' and 'single.php' endpoints. It mentions the use of SQLMap for exploitation but does not include actual exploit code.

Description

Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Mustafa ALTINKAYNAK · textwebappsphp
https://www.exploit-db.com/exploits/33514

The provided text describes SQL injection vulnerabilities in Videos Tube software version 1.0, specifically in the 'videocat.php' and 'single.php' endpoints. It mentions the use of SQLMap for exploitation but does not include actual exploit code.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Videos Tube 1.0
No auth needed
Prerequisites: Access to the vulnerable endpoints · SQLMap or similar tool for exploitation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33514
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58844
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67766

Scores

EPSS 0.0235
EPSS Percentile 81.5%

Details

CWE
CWE-89
Status published
Products (1)
videos_tube_project/videos_tube 1.0
Published Jun 04, 2014
Tracked Since Feb 18, 2026