1 results (0.002 seconds)
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2014-2737 – KnowledgeTree Blind SQL Injection
https://notcve.org/view.php?id=CVE-2014-2737
20 Apr 2014 — SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function. Vulnerabilidad de inyección SQL en la función get_active_session en la clase KTAPI_UserSession en webservice/clienttools/services/mdownload.php en KnowledgeTree 3.7.0.2 y anteriores permite a atacantes remotos ejecut... • http://www.securityfocus.com/archive/1/531886/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •