Knowledgetree : Security Vulnerabilities, CVEs, CVSS score >= 5
SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.
Max CVSS
7.5
EPSS Score
0.29%
Published
2014-04-22
Updated
2018-10-09
1 vulnerabilities found