← back
CVE-2014-3119

CVE-2014-3119

EPSS 1.7%
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/33818unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/web2project/web2project/commit/ab5ba92a6aaf0435cd0b2132cf7f9b7b41575a28https://github.com/web2project/web2project/commit/eead99b36f62a8222d9f3a913f1a2268200687efhttps://www.htbridge.com/advisory/HTB23213