Published: 21/01/2014 Updated: 28/07/2015

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SQL injection vulnerability in managetimetracker.php in Collabtive prior to 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
o-dyn collabtive 0.6.2
o-dyn collabtive 0.6.1
o-dyn collabtive 0.6
o-dyn collabtive 0.5.5
o-dyn collabtive 0.1
o-dyn collabtive
o-dyn collabtive 1.0
o-dyn collabtive 0.7.6
o-dyn collabtive 0.7.5
o-dyn collabtive 0.4.7
o-dyn collabtive 0.4.6
o-dyn collabtive 0.4.5
o-dyn collabtive 0.4
o-dyn collabtive 0.3.6
o-dyn collabtive 0.6.5
o-dyn collabtive 0.6.3
o-dyn collabtive 0.5.1
o-dyn collabtive 0.4.9
o-dyn collabtive 0.3.5
o-dyn collabtive 0.2.5
o-dyn collabtive 0.7
o-dyn collabtive 0.6.4
o-dyn collabtive 0.4.9.1
o-dyn collabtive 0.4.8
o-dyn collabtive 0.3
o-dyn collabtive 0.2

##=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+## || || || Advisory : Collabtive Sql Injection || || Affected Version : 11 || || Vendor : collabtiveo-dynde/indexphp ...

CWE-89 http://www.collabtive.o-dyn.de/blog/?p=621#more-621 http://www.exploit-db.com/exploits/30946 http://www.securityfocus.com/bid/64943 http://seclists.org/fulldisclosure/2014/Jan/72 http://packetstormsecurity.com/files/124777/Collabtive-1.1-SQL-Injection.html http://osvdb.org/102123 https://nvd.nist.gov https://www.exploit-db.com/exploits/30946/

CVE-2013-6872

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect