Description

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.

Remediation

References

CVE-2013-6872

Related Vulnerabilities

WordPress Plugin WPGateway Privilege Escalation (3.5)

PHP Use of Uninitialized Resource Vulnerability (CVE-2015-8390)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3658)

WordPress Plugin Import any XML or CSV File to WordPress Cross-Site Scripting (3.6.2)

WordPress Plugin WooCommerce Dynamic Pricing & Discounts Multiple Vulnerabilities (2.4.1)

Severity

Medium

Classification

CVE-2013-6872 CWE-138

Tags

Missing Update Known Vulnerabilities