Sign-up

ID

VAR-201412-0399


CVE

CVE-2014-9173


TITLE

WordPress for Google Doc Embedder Plug-in view.php In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-005736

DESCRIPTION

SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Google Doc Embedder Plugin 2.5.14 is vulnerable; other versions may also be affected. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers. Google Doc Embedder is one of the plugins that can embed MS Office, PDF and other file systems into web pages

Trust: 1.98

sources: NVD: CVE-2014-9173 // JVNDB: JVNDB-2014-005736 // BID: 71304 // VULHUB: VHN-77118

AFFECTED PRODUCTS

vendor:google doc embeddermodel:google doc embedderscope:lteversion:2.5.14

Trust: 1.0

vendor:google doc embeddermodel:google doc embedderscope:ltversion:2.5.15

Trust: 0.8

vendor:google doc embeddermodel:google doc embedderscope:eqversion:2.5.14

Trust: 0.6

sources: JVNDB: JVNDB-2014-005736 // CNNVD: CNNVD-201412-011 // NVD: CVE-2014-9173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9173
value: HIGH

Trust: 1.0

NVD: CVE-2014-9173
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201412-011
value: HIGH

Trust: 0.6

VULHUB: VHN-77118
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-9173
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-77118
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-77118 // JVNDB: JVNDB-2014-005736 // CNNVD: CNNVD-201412-011 // NVD: CVE-2014-9173

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-77118 // JVNDB: JVNDB-2014-005736 // NVD: CVE-2014-9173

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-011

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201412-011

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005736

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-77118

PATCH
title:Top Pageurl:http://www.davistribe.org/gde/
Trust: 0.8
title:Changeset 1023572 for google-document-embedderurl:https://plugins.trac.wordpress.org/changeset/1023572/google-document-embedder
Trust: 0.8
title:Google Doc Embedderurl:https://wordpress.org/plugins/google-document-embedder/
Trust: 0.8
title:gviewer.phpurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54418
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-005736 // 
            
            
            
            CNNVD: CNNVD-201412-011

EXTERNAL IDS
db:NVDid:CVE-2014-9173
Trust: 2.8
db:EXPLOIT-DBid:35371
Trust: 1.7
db:OSVDBid:115044
Trust: 1.7
db:BIDid:71304
Trust: 1.0
db:JVNDBid:JVNDB-2014-005736
Trust: 0.8
db:CNNVDid:CNNVD-201412-011
Trust: 0.7
db:XFid:98944
Trust: 0.6
db:EXPLOIT-DBid:35447
Trust: 0.1
db:SEEBUGid:SSVID-88988
Trust: 0.1
db:VULHUBid:VHN-77118
Trust: 0.1
sources:
            
            
            VULHUB: VHN-77118 // 
            
            
            
            BID: 71304 // 
            
            
            
            JVNDB: JVNDB-2014-005736 // 
            
            
            
            CNNVD: CNNVD-201412-011 // 
            
            
            
            NVD: CVE-2014-9173

REFERENCES
url:https://plugins.trac.wordpress.org/changeset/1023572/google-document-embedder
Trust: 1.7
url:http://www.exploit-db.com/exploits/35371
Trust: 1.7
url:http://security.szurek.pl/google-doc-embedder-2514-sql-injection.html
Trust: 1.7
url:http://osvdb.org/show/osvdb/115044
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98944
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9173
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9173
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/98944
Trust: 0.6
url:http://www.securityfocus.com/bid/71304
Trust: 0.6
sources:
            
            
            VULHUB: VHN-77118 // 
            
            
            
            JVNDB: JVNDB-2014-005736 // 
            
            
            
            CNNVD: CNNVD-201412-011 // 
            
            
            
            NVD: CVE-2014-9173

CREDITS
Kacper Szurek
Trust: 0.9
sources:
            
            
            BID: 71304 // 
            
            
            
            CNNVD: CNNVD-201412-011

SOURCES
db:VULHUBid:VHN-77118
db:BIDid:71304
db:JVNDBid:JVNDB-2014-005736
db:CNNVDid:CNNVD-201412-011
db:NVDid:CVE-2014-9173

LAST UPDATE DATE
2025-04-13T23:31:36.364000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-77118date:2017-09-08T00:00:00
db:BIDid:71304date:2014-12-05T00:57:00
db:JVNDBid:JVNDB-2014-005736date:2014-12-03T00:00:00
db:CNNVDid:CNNVD-201412-011date:2014-12-09T00:00:00
db:NVDid:CVE-2014-9173date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-77118date:2014-12-02T00:00:00
db:BIDid:71304date:2014-11-11T00:00:00
db:JVNDBid:JVNDB-2014-005736date:2014-12-03T00:00:00
db:CNNVDid:CNNVD-201412-011date:2014-11-11T00:00:00
db:NVDid:CVE-2014-9173date:2014-12-02T16:59:09.557