Knowledgetree: >> Knowledgetree >> 3.5.4 Security Vulnerabilities
SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.
CVSS Score
7.5
EPSS Score
0.003
Published
2014-04-22