CVE-2014-9237
published 2014-12-03
CVE-2014-9237: SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.
Priority: P3 | 51 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.10% (79.4th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| proticaret | proticaret | — | — |
No detection rules found.
Exploit-DB
Proticaret E-Commerce Script 3.0 - SQL Injection (2)
exploitdb·2014-11-17
CVE-2014-9237 Proticaret E-Commerce Script 3.0 - SQL Injection (2)
---
Document Title:
Proticaret E-Commerce Script v3.0 >= SQL Injection
Release Date:
13 Nov 2014
Product & Service Introduction:
Proticaret is a free e-commerce script.
Abstract Advisory Information:
BGA Security Team discovered an SQL injection vulnerability in Proticaret E-Commerce Script v3.0
Vulnerability Disclosure Timeline:
20 Oct 2014 : Contact with Vendor
20 Nov 2014 : Vendor Response
June 26, 2014 : Patch Released
13 Nov 2014 : Public Disclosure
Discovery Status:
Published
Affected Product(s):
Promist Bilgi İletişim Teknolojileri A.Ş
Product: Proticaret E-commerce Script v3.0 >=
Exploitation Technique:
Remote, Unauthenticated
Severity Level:
Critical
Technical Details & Description:
SQL Injection
Proof of Concept (P
Exploit-DB
Proticaret E-Commerce Script 3.0 - SQL Injection (1)
exploitdb·2014-11-13
CVE-2014-9237 Proticaret E-Commerce Script 3.0 - SQL Injection (1)
---
Document Title:
Proticaret E-Commerce Script v3.0 >= SQL Injection
Release Date:
13 Nov 2014
Product & Service Introduction:
Proticaret is a free e-commerce script.
Abstract Advisory Information:
BGA Security Team discovered an SQL injection vulnerability in Proticaret E-Commerce Script v3.0
Vulnerability Disclosure Timeline:
20 Oct 2014 : Contact with Vendor
20 Nov 2014 : Vendor Response
June 26, 2014 : Patch Released
13 Nov 2014 : Public Disclosure
Discovery Status:
Published
Affected Product(s):
Promist Bilgi İletişim Teknolojileri A.Ş
Product: Proticaret E-commerce Script v3.0 >=
Exploitation Technique:
Remote, Unauthenticated
Severity Level:
Critical
Technical Details & Description:
SQL Injection
Proof of Concept (P
No writeups or analysis indexed.
2014-12-03
Published