CVE-2014-4944

BSK PDF Manager 1.3.2 - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4944. PoCs published by Claudio Viviani.

AI-analyzed exploit summary: The provided text describes SQL injection vulnerabilities in the BSK PDF Manager WordPress plugin, with example URLs demonstrating the exploitation method. It lacks executable code but provides clear technical details on the vulnerability.

Description

Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by Claudio Viviani · text · webapps · php
https://www.exploit-db.com/exploits/39240

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: BSK PDF Manager 1.3.2
Auth required
Prerequisites: Access to WordPress admin interface · Valid session or authentication credentials
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.0355
EPSS Percentile: 87.8%

Details

CWE: CWE-89
Status: published
Products (1): bannersky/bsk_pdf_manager 1.3.2
Published: Jul 14, 2014
Tracked Since: Feb 18, 2026