Description

SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.

Remediation

References

CVE-2014-3246

Related Vulnerabilities

OpenSSL Resource Management Errors Vulnerability (CVE-2011-0014)

PHP Other Vulnerability (CVE-2011-0421)

WordPress Plugin WP-Stats-Dashboard Multiple Cross-Site Scripting Vulnerabilities (2.6.5.1)

WordPress Plugin WooCommerce Quick Reports Cross-Site Scripting (1.0.6)

WordPress Plugin Fancy Product Designer-WooCommerce Arbitrary File Upload (4.6.8)

Severity

Medium

Classification

CVE-2014-3246 CWE-138

Tags

Missing Update Known Vulnerabilities