CVE-2014-4736

CVE-2014-4736 describes an SQL injection in E2 before 2.4 (2845) via the note-id parameter to /@actions/comment-process. The root cause is insufficient input sanitization, allowing remote attackers to inject arbitrary SQL commands, potentially adding/modifying/deleting records or gaining site acc...