Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3246SQL Injection in Collabtive

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
1.3%
top 20.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
O-dyn Collabtive
Timeline
PublishedMay 13
Latest updateMay 17

Description

SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-3ghj-f9w6-vh8h: SQL injection vulnerability in Collabtive 12022-05-17

💥Exploits & PoCs

1
Exploit-DB
Collabtive 1.2 - SQL Injection2014-05-08
CVE-2014-3246 — SQL Injection in O-dyn Collabtive | cvebase