Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-9457. PoCs published by xd4rker dark.
AI-analyzed exploit summary The exploit describes a post-authentication SQL injection vulnerability in PMB <= 4.1.3 due to improper sanitization of the $notice_id variable in classes/mono_display.class.php. It provides a proof-of-concept URL and SQLMap usage instructions for exploitation.
Description
SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php.
Exploits (1)
The exploit describes a post-authentication SQL injection vulnerability in PMB <= 4.1.3 due to improper sanitization of the $notice_id variable in classes/mono_display.class.php. It provides a proof-of-concept URL and SQLMap usage instructions for exploitation.