CVE-2014-9173

Google Doc Embedder <2.5.15 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-9173. PoCs published by Securely (Yoo Hee man), Kacper Szurek.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Google Document Embedder 2.5.16, bypassing mysql_real_escape_string via a crafted UNION-based payload to leak user data from the wp_users table.

Description

SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.

Exploits (2)

exploitdb WORKING POC

by Securely (Yoo Hee man) · textwebappsphp

https://www.exploit-db.com/exploits/35447

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Google Document Embedder 2.5.16, bypassing mysql_real_escape_string via a crafted UNION-based payload to leak user data from the wp_users table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Google Document Embedder 2.5.16

No auth needed

Prerequisites: WordPress installation with vulnerable plugin · Access to the plugin's ~view.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Kacper Szurek · textwebappsphp

https://www.exploit-db.com/exploits/35371