CVE-2014-3757
CVE-2014-3757 involves a SQL injection in sorter.php of the phpManufaktur kitForm extension (v0.43 and earlier) used with the KeepInTouch (KIT) module. The vulnerability arises from unsafely handling the sorter_value parameter, enabling remote attackers to forge and execute arbitrary SQL commands...