CVE-2013-6872

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-6872
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.collabtive.o-dyn.de/blog/?p=621#more-621 Patch
http://www.exploit-db.com/exploits/30946 Exploit
http://www.securityfocus.com/bid/64943 Exploit
http://seclists.org/fulldisclosure/2014/Jan/72 Exploit
http://packetstormsecurity.com/files/124777/Collabtive-1.1-SQL-Injection.html Exploit
http://osvdb.org/102123
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:o-dyn:collabtive:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.6:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.1:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:*:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:1.0:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.7.6:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.7.5:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.4.6:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.3.6:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.2:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.7:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.4.9.1:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.4:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.4.5:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:o-dyn:collabtive:0.3:*:*:*:*:*:*:*
Information

Published : 2014-01-21 07:17

Updated : 2015-07-28 07:49

NVD link : CVE-2013-6872

Mitre link : CVE-2013-6872

JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa
Products Affected

o-dyn

  • collabtive