Description

SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.

Remediation

References

CVE-2014-3246

Related Vulnerabilities

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)

WordPress Plugin Default Thumbnail Plus Arbitrary File Upload (1.0.2.3)

Apache Tomcat 7PK - Security Features Vulnerability (CVE-2014-9634)

SharePoint Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1860)

mod_ssl Other Vulnerability (CVE-2004-0700)

Severity

Medium

Classification

CVE-2014-3246 CWE-138

Tags

Missing Update Known Vulnerabilities