Unrated severityNVD Advisory· Published Jan 2, 2015· Updated May 6, 2026
CVE-2014-9435
CVE-2014-9435
Description
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php.
Affected products
1- cpe:2.3:a:absolutengine:absolut_engine:1.73:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.