Metaways: Security Vulnerabilities
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-01
Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-04-10