Lucene search
HistoryJan 21, 2014 - 3:17 p.m.
CVE-2013-6872
cve-2013-6872
sql injection
collabtive
vulnerability
remote authenticated user
arbitrary sql commands
managetimetracker.php
projectpdf action
8.1 High
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
41.3%
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
Affected configurations
Node
o-dyncollabtiveRange≤1.1
ORo-dyncollabtiveMatch0.1
ORo-dyncollabtiveMatch0.2
ORo-dyncollabtiveMatch0.2.5
ORo-dyncollabtiveMatch0.3
ORo-dyncollabtiveMatch0.3.5
ORo-dyncollabtiveMatch0.3.6
ORo-dyncollabtiveMatch0.4
ORo-dyncollabtiveMatch0.4.5
ORo-dyncollabtiveMatch0.4.6
ORo-dyncollabtiveMatch0.4.7
ORo-dyncollabtiveMatch0.4.8
ORo-dyncollabtiveMatch0.4.9
ORo-dyncollabtiveMatch0.4.9.1
ORo-dyncollabtiveMatch0.5.1
ORo-dyncollabtiveMatch0.5.5
ORo-dyncollabtiveMatch0.6
ORo-dyncollabtiveMatch0.6.1
ORo-dyncollabtiveMatch0.6.2
ORo-dyncollabtiveMatch0.6.3
ORo-dyncollabtiveMatch0.6.4
ORo-dyncollabtiveMatch0.6.5
ORo-dyncollabtiveMatch0.7
ORo-dyncollabtiveMatch0.7.5
ORo-dyncollabtiveMatch0.7.6
ORo-dyncollabtiveMatch1.0
Related
ubuntucve
ubuntucve
CVE-2013-6872
2014-01-21 00:00:00
prion
prion
Sql injection
2014-01-21 15:17:00
packetstorm
packetstorm
Collabtive 1.1 SQL Injection
2014-01-14 00:00:00
nvd
nvd
CVE-2013-6872
2014-01-21 15:17:06
cvelist
cvelist
CVE-2013-6872
2014-01-21 15:00:00
8.1 High
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
41.3%
Related for CVE-2013-6872