CVE-2013-6872

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.

Published: Jan 21, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-6872
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
o-dyn / collabtive	1.0	1.0.x
o-dyn / collabtive	0.3.6	0.3.6.x
o-dyn / collabtive	0.2	0.2.x
o-dyn / collabtive	0.7.5	0.7.5.x
o-dyn / collabtive	0.6.2	0.6.2.x
o-dyn / collabtive	0.6.3	0.6.3.x
o-dyn / collabtive	0.6.5	0.6.5.x
o-dyn / collabtive	0.7	0.7.x
o-dyn / collabtive	0.7.6	0.7.6.x
o-dyn / collabtive	0.5.1	0.5.1.x
o-dyn / collabtive	0.4.9.1	0.4.9.1.x
o-dyn / collabtive	0.3.5	0.3.5.x
o-dyn / collabtive	0.1	0.1.x
o-dyn / collabtive	0.4.9	0.4.9.x
o-dyn / collabtive	0.4.7	0.4.7.x
o-dyn / collabtive	0.4	0.4.x
o-dyn / collabtive	0.2.5	0.2.5.x
o-dyn / collabtive	0.4.6	0.4.6.x
o-dyn / collabtive	0.6.4	0.6.4.x
o-dyn / collabtive	0.4.5	0.4.5.x
o-dyn / collabtive	0.4.8	0.4.8.x
o-dyn / collabtive	0.5.5	0.5.5.x
o-dyn / collabtive	-	1.1.x
o-dyn / collabtive	0.6	0.6.x
o-dyn / collabtive	0.3	0.3.x
o-dyn / collabtive	0.6.1	0.6.1.x

Vulnerability Database

CVE-2013-6872