6 matches found
CVE-2012-5701
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or...
CVE-2012-5701
DotProject 2.x is vulnerable to SQL injection via multiple parameters (search_string, where, dept_id, project_id[], company_id) in index.php, enabling remote authenticated admins to run arbitrary SQL (and CSRF may enable exploitation). Root cause: insufficient input sanitization in those GET para...
Multiple vulnerabilities in dotProject
Advisory ID: HTB23124 Product: dotProject Vendor: dotproject.net Vulnerable Versions: 2.1.6 and probably prior Tested Version: 2.1.6 Vendor Notification: October 31, 2012 Vendor Patch: November 7, 2012 Public Disclosure: November 21, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site...
dotProject 2.1.6 Cross Site Scripting / SQL Injection
dotProject version 2.1.6 suffers from cross site scripting and remote SQL injection vulnerabilities. Product: dotProject Vendor: dotproject.net Vulnerable Versions: 2.1.6 and probably prior Tested Version: 2.1.6 Vendor Notification: October 31, 2012 Vendor Patch: November 7, 2012 Public Disclosur...
dotProject 2.1.6 Cross Site Scripting / SQL Injection
Advisory ID: HTB23124 Product: dotProject Vendor: dotproject.net Vulnerable Versions: 2.1.6 and probably prior Tested Version: 2.1.6 Vendor Notification: October 31, 2012 Vendor Patch: November 7, 2012 Public Disclosure: November 21, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site...
CVE-2012-5701
creationtimestamp | type | source
---|---|---
2012-11-21 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38042...