CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2737 – KnowledgeTree Blind SQL Injection
https://notcve.org/view.php?id=CVE-2014-2737
20 Apr 2014 — SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function. Vulnerabilidad de inyección SQL en la función get_active_session en la clase KTAPI_UserSession en webservice/clienttools/services/mdownload.php en KnowledgeTree 3.7.0.2 y anteriores permite a atacantes remotos ejecut... • http://www.securityfocus.com/archive/1/531886/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2443
https://notcve.org/view.php?id=CVE-2006-2443
18 May 2006 — The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348306 •