Unrated severityNVD Advisory· Published Sep 12, 2014· Updated Jun 17, 2026
CVE-2014-2009
CVE-2014-2009
Description
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13cpe:2.3:a:mpay24_project:mpay24:1.4.0:*:*:*:*:prestashop:*:*+ 11 more
- cpe:2.3:a:mpay24_project:mpay24:1.4.0:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:1.4.1:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:1.4.2:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:1.4.3:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:1.4.4:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:1.4.5:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:1.4.6:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:1.4.7:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:1.4.8:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:1.4.9:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:1.5.0:*:*:*:*:prestashop:*:*
- cpe:2.3:a:mpay24_project:mpay24:*:*:*:*:*:prestashop:*:*range: <=1.5.1
- Range: <1.6
Patches
Vulnerability mechanics
References
6- packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.htmlnvdExploit
- seclists.org/fulldisclosure/2014/Sep/23nvdExploit
- www.exploit-db.com/exploits/34586nvdExploit
- www.securityfocus.com/bid/69560nvdExploit
- osvdb.org/show/osvdb/110738nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/95721nvd
News mentions
0No linked articles in our index yet.