In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.
Max CVSS
9.8
EPSS Score
0.06%
Published
2023-09-01
Updated
2023-09-07
Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path.
Max CVSS
5.0
EPSS Score
0.41%
Published
2011-04-10
Updated
2018-10-09
2 vulnerabilities found