SQL Injection Vulnerability in HumHub 0.10.0-rc.1 and Earlier

SQL Injection Vulnerability in HumHub 0.10.0-rc.1 and Earlier

CVE-2014-9528 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.

Learn more about our User Device Pen Test.