Description
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Auctions 'wpa_id' Parameter SQL Injection (1.8.8)
WordPress Plugin Media File Renamer-Auto & Manual Rename Cross-Site Request Forgery (5.2.5)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3167)
WordPress Plugin xPinner Lite Multiple Vulnerabilities (2.2)