CVE-2014-3757 in kitForminfo

Summary

SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.

Once again VulDB remains the best source for vulnerability data.

Responsible

Reservation

05/15/2014

Disclosure

05/15/2014

Moderation

VulDB entry created

Entries

VDB-69703

CPE

ready

CWE

CWE-89 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.00421

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-3757
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3757
CVE Details	https://www.cvedetails.com/cve/CVE-2014-3757/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!