Lucene search

PRIOn knowledge basePRION:CVE-2014-2737

HistoryApr 22, 2014 - 2:23 p.m.

Sql injection

2014-04-2214:23:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.4%

JSON

SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.

CPENameOperatorVersion
knowledgetreeeq3.5
knowledgetreeeq3.5.497
knowledgetreeeq3.5.2
knowledgetreeeq3.5.4
knowledgetreeeq3.6
knowledgetreele3.7.0.2
knowledgetreeeq3.7.0.1
knowledgetreeeq3.7

Name	Operator	Version
knowledgetree	eq	3.5
knowledgetree	eq	3.5.497
knowledgetree	eq	3.5.2
knowledgetree	eq	3.5.4
knowledgetree	eq	3.6
knowledgetree	le	3.7.0.2
knowledgetree	eq	3.7.0.1
knowledgetree	eq	3.7

References

www.securityfocus.com/archive/1/531886/100/0/threaded

www.securityfocus.com/bid/66988

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for PRION:CVE-2014-2737