Vulnerability Details CVE-2014-3757
SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.4%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2014-3757
-
cpe:2.3:a:phpmanufaktur:kitform:0.10
-
cpe:2.3:a:phpmanufaktur:kitform:0.11
-
cpe:2.3:a:phpmanufaktur:kitform:0.12
-
cpe:2.3:a:phpmanufaktur:kitform:0.13
-
cpe:2.3:a:phpmanufaktur:kitform:0.14
-
cpe:2.3:a:phpmanufaktur:kitform:0.15
-
cpe:2.3:a:phpmanufaktur:kitform:0.16
-
cpe:2.3:a:phpmanufaktur:kitform:0.17
-
cpe:2.3:a:phpmanufaktur:kitform:0.18
-
cpe:2.3:a:phpmanufaktur:kitform:0.19
-
cpe:2.3:a:phpmanufaktur:kitform:0.20
-
cpe:2.3:a:phpmanufaktur:kitform:0.21
-
cpe:2.3:a:phpmanufaktur:kitform:0.22
-
cpe:2.3:a:phpmanufaktur:kitform:0.23
-
cpe:2.3:a:phpmanufaktur:kitform:0.24
-
cpe:2.3:a:phpmanufaktur:kitform:0.25
-
cpe:2.3:a:phpmanufaktur:kitform:0.26
-
cpe:2.3:a:phpmanufaktur:kitform:0.27
-
cpe:2.3:a:phpmanufaktur:kitform:0.28
-
cpe:2.3:a:phpmanufaktur:kitform:0.29
-
cpe:2.3:a:phpmanufaktur:kitform:0.30
-
cpe:2.3:a:phpmanufaktur:kitform:0.31
-
cpe:2.3:a:phpmanufaktur:kitform:0.32
-
cpe:2.3:a:phpmanufaktur:kitform:0.33
-
cpe:2.3:a:phpmanufaktur:kitform:0.34
-
cpe:2.3:a:phpmanufaktur:kitform:0.35
-
cpe:2.3:a:phpmanufaktur:kitform:0.36
-
cpe:2.3:a:phpmanufaktur:kitform:0.37
-
cpe:2.3:a:phpmanufaktur:kitform:0.38
-
cpe:2.3:a:phpmanufaktur:kitform:0.39
-
cpe:2.3:a:phpmanufaktur:kitform:0.40
-
cpe:2.3:a:phpmanufaktur:kitform:0.41
-
cpe:2.3:a:phpmanufaktur:kitform:0.42
-
cpe:2.3:a:phpmanufaktur:kitform:0.43