CVE-2014-3757

SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.

Date published : 2014-05-15

http://www.securityfocus.com/bid/67000

http://seclists.org/fulldisclosure/2014/Apr/249