SQL Injection Vulnerability in iTechClassifieds by iTech Solutions
CVE-2014-100020

Currently unrated

Key Information:

Vendor: Itechscripts
Status: Itechclassifieds
Vendor: CVE Published:; 13 January 2015

🔔 Create Itechscripts Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2014-100020?

A SQL injection flaw exists in ChangeEmail.php within iTechClassifieds version 3.03.057, enabling remote attackers to execute arbitrary SQL queries through the PreviewNum parameter. This vulnerability compromises the application's database integrity and may lead to unauthorized data access. It's notable that the CatID parameter's vulnerabilities have been previously documented and are not covered by this description.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2014-100020 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90683

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/65089

vdb-entryx_refsource_BID

http://www.exploit-db.com/exploits/31140

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 13, 2015
👾
Exploit known to exist
Jan 13, 2015
Vulnerability published
Jan 13, 2015
Vulnerability Reserved
Jan 13, 2015

CVE-2014-100020 Data

JSON