Description

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.

Remediation

References

CVE-2013-6872

Related Vulnerabilities

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5)

MySQL CVE-2021-2014 Vulnerability (CVE-2021-2014)

MySQL Other Vulnerability (CVE-2004-0835)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43713)

WordPress Plugin BigBlueButton Cross-Site Scripting (2.2.3)

Severity

Medium

Classification

CVE-2013-6872 CWE-138

Tags

Missing Update Known Vulnerabilities