Description
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.
Remediation
References
Related Vulnerabilities
MediaWiki Improper Input Validation Vulnerability (CVE-2011-0003)
Oracle JRE CVE-2018-2627 Vulnerability (CVE-2018-2627)
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.6)
WordPress Plugin WordPress Download Manager Multiple Security Bypass Vulnerabilities (2.6.92)
WordPress Plugin wp Dreamwork Gallery 'upload.php' Arbitrary File Upload (2.1)