Description

SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.

Remediation

References

CVE-2014-3246

Related Vulnerabilities

WordPress Plugin BuddyPress Security Bypass (2.3.4)

WordPress 4.4.x Cross-Domain Flash Injection Vulnerability (4.4 - 4.4.13)

Oracle Database Server Other Vulnerability (CVE-2007-2130)

WordPress Plugin Calendar Event Multi View Security Bypass (1.4.06)

MySQL CVE-2019-2630 Vulnerability (CVE-2019-2630)

Severity

Medium

Classification

CVE-2014-3246 CWE-138

Tags

Missing Update Known Vulnerabilities