CVE-2014-8995
CVE-2014-8995 is an SQL injection vulnerability in Maarch LetterBox 2.8, enabling remote attackers to execute arbitrary SQL commands via the UserId cookie. The root cause is insecure handling of the UserId cookie that feeds into SQL queries. Affected software is Maarch LetterBox 2.8; the vulnerab...