Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/693092 | Exploit US Government Resource |
Configurations
History
No history.
Information
Published : 2014-05-08 10:55
Updated : 2024-02-04 18:35
NVD link : CVE-2014-2934
Mitre link : CVE-2014-2934
CVE.ORG link : CVE-2014-2934
JSON object : View
Products Affected
caldera
- caldera
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')