Description

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.

Remediation

References

CVE-2013-6872

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5644)

MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50080)

Ruby Improper Authentication Vulnerability (CVE-2017-10784)

PHP NULL Pointer Dereference Vulnerability (CVE-2016-7132)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10802)

Severity

Medium

Classification

CVE-2013-6872 CWE-138

Tags

Missing Update Known Vulnerabilities