CVE-2012-4240

SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.

Date published : 2014-09-11

http://www.securityfocus.com/bid/55383

http://archives.neohapsis.com/archives/bugtraq/2012-09/0011.html