← volver
CVE-2014-2737

CVE-2014-2737

EPSS 1.2%
SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://www.securityfocus.com/archive/1/531886/100/0/threadedhttp://www.securityfocus.com/bid/66988