CVE-2014-9237

Proticaret E-Commerce 3.0 - SQL Injection

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-9237. PoCs published by BGA Security, Onur Alanbel (BGA).

AI-analyzed exploit summary: The exploit demonstrates an SQL injection vulnerability in Proticaret E-Commerce Script v3.0 via a SOAP request. The PoC injects a malicious SQL query into the 'Code' parameter to extract password information from the database.

Description

SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.

Exploits (2)

exploitdb WORKING POC
by BGA Security · text · webapps · xml
https://www.exploit-db.com/exploits/35275

The exploit demonstrates an SQL injection vulnerability in Proticaret E-Commerce Script v3.0 via a SOAP request. The PoC injects a malicious SQL query into the 'Code' parameter to extract password information from the database.

Classification: Working PoC (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Proticaret E-Commerce Script v3.0
Authentication: none needed
Prerequisites: Network access to the target SOAP endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Onur Alanbel (BGA) · text · webapps · multiple
https://www.exploit-db.com/exploits/35219

The exploit demonstrates an SQL injection vulnerability in Proticaret E-Commerce Script v3.0 via a SOAP request. The PoC extracts user passwords by manipulating the 'Code' parameter in the 'GetProductCodes' SOAP method.

Classification: Working PoC (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Proticaret E-Commerce Script v3.0
Authentication: none needed
Prerequisites: Network access to the SOAP endpoint
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.0210
EPSS Percentile: 79.4%

Details

CWE: CWE-89
Status: published
Products (1): proticaret/proticaret 3.0
Published: Dec 03, 2014
Tracked Since: Feb 18, 2026