SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T10:21:36.061Z
Reserved: 2014-04-08T00:00:00
Link: CVE-2014-2737

No data.

Status : Deferred
Published: 2014-04-22T14:23:35.923
Modified: 2025-04-12T10:46:40.837
Link: CVE-2014-2737

No data.