CVE-2014-9347

phpMyRecipes 1.2.2 - SQL Injection via dosearch.php words_exact Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9347. PoCs published by bard.

AI-analyzed exploit summary: This exploit demonstrates SQL injection in phpMyRecipes via the 'words_exact' parameter in dosearch.php, allowing an attacker to dump session data and modify user passwords. It automates the extraction of session IDs and associated user details, then optionally changes passwords for compromised accounts.

Description

SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter.

Exploits (1)

exploitdb WORKING POC
by bard · python · webapps · php
https://www.exploit-db.com/exploits/35365


Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: phpMyRecipes (version not specified)
Authentication: No auth needed
Prerequisites: Network access to the target application · phpMyRecipes installed with vulnerable dosearch.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/35365
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/99005
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/show/osvdb/115038

Scores

EPSS 0.0131
EPSS Percentile 67.0%

Details

CWE: CWE-89
Status: published
Products (1): phpmyrecipes_project/phpmyrecipes 1.2.2
Published: Dec 08, 2014
Tracked Since: Feb 18, 2026