Multiple SQL injection vulnerabilities in TeamPass prior to 2.1.20 allow remote malicious users to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
teampass teampass 2.1.5 |
||
teampass teampass 2.1.18 |
||
teampass teampass 2.1.14 |
||
teampass teampass 2.1.3 |
||
teampass teampass 2.1.2 |
||
teampass teampass 2.1.1 |
||
teampass teampass |
||
teampass teampass 2.1.10 |
||
teampass teampass 2.1 |
||
teampass teampass 2.1.4 |
||
teampass teampass 2.1.19 |
||
teampass teampass 2.1.15 |
||
teampass teampass 2.1.13 |