CVE-2014-4170

CRITICAL

ArticleFR 11.06.2014 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4170. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The advisory describes an improper access control vulnerability in ArticleFR (CVE-2014-4170) allowing arbitrary UPDATE SQL statements via the /data.php script. Exploitation requires no authentication and can grant administrative privileges by manipulating database records.

Description

A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.

Exploits (1)

exploitdb WRITEUP
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/34245

The advisory describes an improper access control vulnerability in ArticleFR (CVE-2014-4170) allowing arbitrary UPDATE SQL statements via the /data.php script. Exploitation requires no authentication and can grant administrative privileges by manipulating database records.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: ArticleFR 11.06.2014 and prior
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/34245
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/95051
Third Party Advisory, VDB Entry x_refsource_misc
https://www.securityfocus.com/bid/68980

Scores

CVSS v3 9.8
EPSS 0.4777
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (1)
freereprintables/articlefr < 3.0.4
Published Feb 13, 2020
Tracked Since Feb 18, 2026