Lucene search
HistoryJan 21, 2014 - 3:17 p.m.
CVE-2013-6872
cve-2013-6872
sql injection
collabtive
vulnerability
remote authenticated user
arbitrary sql commands
managetimetracker.php
projectpdf action
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.5%
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
Affected configurations
Node
o-dyncollabtiveRange≤1.1
ORo-dyncollabtiveMatch0.1
ORo-dyncollabtiveMatch0.2
ORo-dyncollabtiveMatch0.2.5
ORo-dyncollabtiveMatch0.3
ORo-dyncollabtiveMatch0.3.5
ORo-dyncollabtiveMatch0.3.6
ORo-dyncollabtiveMatch0.4
ORo-dyncollabtiveMatch0.4.5
ORo-dyncollabtiveMatch0.4.6
ORo-dyncollabtiveMatch0.4.7
ORo-dyncollabtiveMatch0.4.8
ORo-dyncollabtiveMatch0.4.9
ORo-dyncollabtiveMatch0.4.9.1
ORo-dyncollabtiveMatch0.5.1
ORo-dyncollabtiveMatch0.5.5
ORo-dyncollabtiveMatch0.6
ORo-dyncollabtiveMatch0.6.1
ORo-dyncollabtiveMatch0.6.2
ORo-dyncollabtiveMatch0.6.3
ORo-dyncollabtiveMatch0.6.4
ORo-dyncollabtiveMatch0.6.5
ORo-dyncollabtiveMatch0.7
ORo-dyncollabtiveMatch0.7.5
ORo-dyncollabtiveMatch0.7.6
ORo-dyncollabtiveMatch1.0
Related
ubuntucve
ubuntucve
CVE-2013-6872
2014-01-21 00:00:00
prion
prion
Sql injection
2014-01-21 15:17:00
cvelist
cvelist
CVE-2013-6872
2014-01-21 15:00:00
nvd
nvd
CVE-2013-6872
2014-01-21 15:17:06
packetstorm
packetstorm
Collabtive 1.1 SQL Injection
2014-01-14 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.5%
Related for CVE-2013-6872