Launchpad.net

CVE 2014-3246

SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.

See the CVE page on Mitre.org for more details.

References