CVE-2014-3757

Affected configuration(s):

cpe:/a:phpmanufaktur:kitform:0.10::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.11::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.12::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.13::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.14::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.15::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.16::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.17::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.18::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.19::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.20::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.21::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.22::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.23::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.24::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.25::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.26::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.27::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.28::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.29::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.30::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.31::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.32::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.33::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.34::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.35::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.36::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.37::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.38::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.39::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.40::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.41::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.42::~~~keepintouch~~
cpe:/a:phpmanufaktur:kitform:0.43::~~~keepintouch~~

Date published: 2014-05-15T10:55:07.543-04:00

Date last modified: 2015-10-21T12:23:45.193-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://seclists.org/fulldisclosure/2014/Apr/249

Summary: SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.
