SQL Injection Vulnerability in Cotonti Web Application
CVE-2013-4789

Currently unrated

Key Information:

Vendor: Cotonti

CVE Published: 9 August 2013

What is CVE-2013-4789?

An SQL injection vulnerability exists in the modules/rss/rss.php file of Cotonti, allowing remote attackers to execute arbitrary SQL statements through manipulation of the 'c' parameter in index.php. This security flaw can lead to unauthorized access to sensitive data and potential compromise of the entire web application. Users are advised to update to version 0.9.14 or later to mitigate this threat.
