CVE-2008-3887
CVE-2008-3887 affects dotProject 2.1.2, specifically SQL injection in index.php. The vulnerabilities allow remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and remote authenticated administrators to do so via the user_id parameter in a viewu...