CVE-2015-2564
ProjectSend (formerly cFTP) SQL Injection (CVE-2015-2564) affects client-edit.php in r561. An authenticated remote attacker can exploit the vulnerability via the id parameter to users-edit.php to execute arbitrary SQL commands. Root cause: inadequate input filtering for id leading to SQL injectio...