CVE-2014-3757 Information

Description

SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.

Reference

http://seclists.org/fulldisclosure/2014/Apr/249 http://www.securityfocus.com/bid/67000