CVE-2014-9173
published 2014-12-02CVE-2014-9173: SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands…
PriorityP352high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
5.18%
91.4th percentile
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google_doc_embedder_project | google_doc_embedder | <= 2.5.14 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WordPress Plugin Google Document Embedder 2.5.16 - 'mysql_real_escpae_string' Bypass SQL Injection
exploitdb·2014-12-03
CVE-2014-9173 WordPress Plugin Google Document Embedder 2.5.16 - 'mysql_real_escpae_string' Bypass SQL Injection
WordPress Plugin Google Document Embedder 2.5.16 - 'mysql_real_escpae_string' Bypass SQL Injection
---
Exploit Title : Google Document Embedder 2.5.16 mysql_real_escpae_string bypass SQL Injection
Data : 2014 – 12 -03
Exploit Author : Securely (Yoo Hee man)
Plugin : google-document-embedder
Fixed version : N/A
Software Link : https://downloads.wordpress.org/plugin/google-document-embedder.2.5.16.zip
1. Detail
- Google Document Embedder v2.5.14 have SQL Injection
- This Plugin v2.5.16 uses mysql_real_escape_string function has been patched to SQL Injection.
- but mysql_real_escape_string() function is bypass possible
- vulnerability file : /google-document-embedder/~view.php
50 // get profile
51 if ( isset( $_GET['gpid'] ) ) {
52 $gpid = mysql_real_escape_string( $_GET['gpid'] );
//mysq
Exploit-DB
WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection
exploitdb·2014-11-25
CVE-2014-9173 WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection
WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection
---
# Exploit Title: Google Doc Embedder 2.5.14 SQL Injection
# Date: 10-11-2014
# Exploit Author: Kacper Szurek - http://security.szurek.pl http://twitter.com/KacperSzurek
# Software Link: https://downloads.wordpress.org/plugin/google-document-embedder.2.5.14.zip
# Category: webapps
1. Description
$_GET['gpid'] is not escaped.
File: google-document-embedder\view.php
if ( isset( $_GET['gpid'] ) ) {
if ( $profile = gde_get_profile( $_GET['gpid'] ) ) {
$tb = $profile['tb_flags'];
$vw = $profile['vw_flags'];
$bg = $profile['vw_bgcolor'];
$css = $profile['vw_css'];
}
}
So we control $id.
File: google-document-embedder\view.php
function gde_get_profile( $id ) {
global $wpdb;
$table = $wpdb->prefix . 'gde_profiles';
$profil
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/115044http://security.szurek.pl/google-doc-embedder-2514-sql-injection.htmlhttp://www.exploit-db.com/exploits/35371https://exchange.xforce.ibmcloud.com/vulnerabilities/98944https://plugins.trac.wordpress.org/changeset/1023572/google-document-embedderhttp://osvdb.org/show/osvdb/115044http://security.szurek.pl/google-doc-embedder-2514-sql-injection.htmlhttp://www.exploit-db.com/exploits/35371https://exchange.xforce.ibmcloud.com/vulnerabilities/98944https://plugins.trac.wordpress.org/changeset/1023572/google-document-embedder
2014-12-02
Published