CVE-2013-6872

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.

🔗 References (12)

• cve@mitrehttp://osvdb.org/102123
• cve@mitrehttp://packetstormsecurity.com/files/124777/Collabtive-1.1-SQL-Injection.html
• cve@mitrehttp://seclists.org/fulldisclosure/2014/Jan/72
• cve@mitrehttp://www.collabtive.o-dyn.de/blog/?p=621#more-621
• cve@mitrehttp://www.exploit-db.com/exploits/30946
• cve@mitrehttp://www.securityfocus.com/bid/64943
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/102123
• af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/124777/Collabtive-1.1-SQL-Injection.html
• af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2014/Jan/72
• af854a3a-2127-422b-91ae-364da2661108http://www.collabtive.o-dyn.de/blog/?p=621#more-621
• af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/30946
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64943