Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6872SQL Injection in Collabtive

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
1.7%
top 17.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
O-dyn Collabtive
Timeline
PublishedJan 21
Latest updateMay 17

Description

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDo-dyn/collabtive1.1+25

Patches

Patch: www.collabtive.o-dyn.dePatch: www.collabtive.o-dyn.de

🔴Vulnerability Details

1
GHSA
GHSA-jj26-p49h-743v: SQL injection vulnerability in managetimetracker2022-05-17

💥Exploits & PoCs

1
Exploit-DB
Collabtive 1.1 - 'managetimetracker.php' SQL Injection2014-01-15
CVE-2013-6872 — SQL Injection in O-dyn Collabtive | cvebase