CVE-2014-9464

Microweber CMS <20141209 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9464. PoCs published by Pham Kien Cuong.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Microweber CMS 0.95 via the 'category' parameter in the shop module. The PoC provides a clear example of how an attacker can inject malicious SQL queries through the URL path.

Description

SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.

Exploits (1)

exploitdb WORKING POC
by Pham Kien Cuong · text · webapps · php
https://www.exploit-db.com/exploits/35720

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Microweber CMS 0.95
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0208
EPSS Percentile 79.1%

Details

CWE CWE-89
Status published
Products (1)
microweber/microweber < 0.95
Published Jan 03, 2015
Tracked Since Feb 18, 2026