Lucene search
K

4 matches found

securityvulns
securityvulns
added 2014/05/04 12:0 a.m.91 views

Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2

Product description: ============ KnowledgeTree is document management system that makes it easy to secure, share, track and manage the documents and records. ============ KnowledgeTree Blind SQL Injection CVE-2014-2737 ============ The application is vulnerable to blind SQL injection which is...

7.5CVSS7.5AI score0.01164EPSS
Exploits1
0day.today
0day.today
added 2014/04/23 12:0 a.m.57 views

KnowledgeTree Blind SQL Injection Vulnerability

KnowledgeTree suffers from a remote blind SQL injection vulnerability. Product description: ============ KnowledgeTree is document management system that makes it easy to secure, share, track and manage the documents and records. ============ KnowledgeTree Blind SQL Injection CVE-2014-2737...

7.5CVSS7.6AI score0.01164EPSS
Exploits1
NVD
NVD
added 2014/04/22 2:23 p.m.21 views

CVE-2014-2737

SQL injection vulnerability in the getactivesession function in the KTAPIUserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function...

7.5CVSS8.3AI score0.01164EPSS
Exploits1References2
CVE
CVE
added 2014/04/22 2:0 p.m.50 views

CVE-2014-2737

KnowledgeTree 3.7.0.2 and earlier is affected by a blind SQL injection in webservice/clienttools/services/mdownload.php. The vulnerability stems from an unparameterized query in KTAPI_UserSession.get_active_session, where an unvalidated u parameter is used in getFileName, allowing remote attacker...

7.5CVSS8.6AI score0.01164EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder