CVE-2015-4614

easy2map < 1.2.4 - SQL Injection via mapName Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4614. PoCs published by Larry W. Cashdollar.

AI-analyzed exploit summary: The exploit demonstrates SQL injection and directory traversal vulnerabilities in the easy2map WordPress plugin v1.24. It uses sqlmap to exploit unsanitized input in the 'mapID' and 'mapName' parameters, and highlights a path traversal issue in MapPinImageSave.php.

Description

Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.

Exploits (1)

exploitdb · WORKING POC
by Larry W. Cashdollar · text · webapps · php
https://www.exploit-db.com/exploits/37534

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: easy2map WordPress plugin v1.24
Auth required
Prerequisites: WordPress installation with easy2map plugin v1.24 · Valid admin session cookie
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37534/
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jul/18
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535922/100/0/threaded

Scores

EPSS: 0.0525
EPSS Percentile: 91.5%

Details

CWE: CWE-89
Status: published
Products (1): easy2map_project/easy2map < 1.2.4
Published: Jul 08, 2015
Tracked Since: Feb 18, 2026