What is CVE-2014-9178?

CVE-2014-9178 is a vulnerability in Smartypantsplugins Sp_project_\&_document_manager, classified under SQL Injection. Published 2014-12-02.

Is CVE-2014-9178 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Smartypantsplugins Sp_project_\&_document_manager

CVE-2014-9178

Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL comman…

Vulnerability class: SQL Injection

EPSS: 0.016 (82.3th percentile) — read the EPSS interpretation.

Affected products

Smartypantsplugins Sp_project_\&_document_manager
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates

References

35313 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_MISC)
wp-spclient-sql-injection(98897) (vdb-entry, x_refsource_XF)
20141121 Multiple SQL Injection in SP Client Document Manager plugin (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2014-9178?: CVE-2014-9178 is a vulnerability in Smartypantsplugins Sp_project_\&_document_manager, classified under SQL Injection. Published 2014-12-02.
Is CVE-2014-9178 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.