CVE-2014-9237

Pricertif E-Commerce 3.0 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.

Exploits (2)

exploitdb WORKING POC

by BGA Security · textwebappsxml

https://www.exploit-db.com/exploits/35275

View Code ZIP pw:eip

exploitdb WORKING POC

by Onur Alanbel (BGA) · textwebappsmultiple

https://www.exploit-db.com/exploits/35219

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://packetstormsecurity.com/files/129129/Proticaret-E-Commerce-Script-3.0-SQL-Injection.html

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Nov/43

Scores

EPSS 0.0113

EPSS Percentile 78.5%

Details

CWE

CWE-89

Status published

Products (1)

proticaret/proticaret 3.0

Published Dec 03, 2014

Tracked Since Feb 18, 2026